Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 19, 2021, 10:39 a.m.	Sept. 19, 2021, 10:44 a.m.

Size	348.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6d4254084c9aff0d20d9c1cdfb7a31ec`
SHA256	`d4b9e53f5c6c5a187fe5c8f20c855f0e6aa938931052b80af1413b99580e3750`
CRC32	`2D1D0FC2`
ssdeep	`6144:MzNHXf500MGtTBrtf0sdbHigT7z42Xgvdi:md50SrfZ5ToEg1i`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

Name	Response	Post-Analysis Lookup
ip-api.com	A 208.95.112.1	208.95.112.1

IP Address	Status	Action
164.124.101.2	Active	Moloch
208.95.112.1	Active	Moloch
77.21.216.101	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49202 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Performs some HTTP requests (1 event)

request

GET http://ip-api.com/json/

Looks up the external IP address (1 event)

domain

ip-api.com

Communicates with host for which no DNS query was performed (1 event)

host

77.21.216.101

Generates some ICMP traffic

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

77.21.216.101:4665

File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 events)

Lionic	Trojan.MSIL.Agent.mCnJ
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.MsilFC.S19436557
ALYac	Trojan.GenericKD.37547757
Malwarebytes	Generic.Trojan.Malicious.DDS
Zillya	Trojan.Agent.Win32.803809
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:MSIL/Quasar.84100987
K7GW	Trojan ( 00521dab1 )
K7AntiVirus	Trojan ( 00521dab1 )
Arcabit	Trojan.Generic.D23CEEED
Cyren	W32/MSIL_Mintluks.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.AES
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Passwordstealera-9792228-0
Kaspersky	Trojan.MSIL.Agent.foww
BitDefender	Trojan.GenericKD.37547757
NANO-Antivirus	Trojan.Win32.FCOI.jawptn
ViRobot	Trojan.Win32.Z.Agent.356352.HCW
MicroWorld-eScan	Trojan.GenericKD.37547757
Avast	MSIL:Rat-B [Trj]
Tencent	Malware.Win32.Gencirc.11cd25f3
Ad-Aware	Trojan.GenericKD.37547757
Sophos	ML/PE-A + ATK/Zaquar-D
Comodo	Malware@#1h8usdqur11fi
F-Secure	Heuristic.HEUR/AGEN.1135947
DrWeb	Trojan.DownLoader27.59888
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TSPY_TINCLEX.SM1
McAfee-GW-Edition	BehavesLike.Win32.Generic.fh
FireEye	Generic.mg.6d4254084c9aff0d
Emsisoft	Trojan.GenericKD.37547757 (B)
Ikarus	Trojan.MSIL.Agent
Jiangmin	Trojan.Generic.ajfvk
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1135947
Antiy-AVL	Trojan/Generic.ASMalwS.201E287
Kingsoft	Win32.Troj.Agent.fo.(kcloud)
Gridinsoft	Trojan.Win32.Agent.oa
Microsoft	Backdoor:MSIL/Quasar.GG!MTB
SUPERAntiSpyware	Trojan.Agent/Gen-PasswordStealer
GData	Trojan.GenericKD.37547757
AhnLab-V3	Trojan/Win32.Subti.R285137
Acronis	suspicious
McAfee	PWS-FCOI!6D4254084C9A
MAX	malware (ai score=100)

cyber-server.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All