EYWCET97LV2U.cab| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | Nov. 12, 2021, 8:51 a.m. | Nov. 12, 2021, 8:54 a.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| description | Run a KeyLogger | rule | KeyLogger | ||||||
| description | Escalate priviledges | rule | Escalate_priviledges | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||
| Lionic | Trojan.Win64.CobaltStrike.4!c |
| FireEye | Trojan.GenericKDZ.73236 |
| Symantec | Trojan.Gen.NPE |
| TrendMicro-HouseCall | Backdoor.Win64.COBEACON.SMA |
| Avast | Other:Malware-gen [Trj] |
| ClamAV | Win.Trojan.CobaltStrike-9044898-1 |
| Kaspersky | HEUR:Trojan.Win64.CobaltStrike.gen |
| BitDefender | Trojan.GenericKDZ.73236 |
| Tencent | Win64.Trojan.Cobaltstrike.Frx |
| TrendMicro | Backdoor.Win64.COBEACON.SMA |
| Emsisoft | Trojan.GenericKDZ.73236 (B) |
| Gridinsoft | Trojan.Win64.Downloader.oa!s1 |
| Microsoft | TrojanDownloader:O97M/Donoff.SA!CAB |
| GData | Exploit.CVE-2021-40444.Gen.2 |
| McAfee | Artemis!3E1B96C3F677 |
| MAX | malware (ai score=81) |
| Rising | Backdoor.CobaltStrike/x64!1.D04A (CLASSIC) |
| Yandex | Trojan.CobaltStrike!s4mlTO1HeKM |
| Ikarus | Trojan.CobaltStrike |
| Fortinet | W32/PossibleThreat |
| AVG | Other:Malware-gen [Trj] |
| Panda | Trj/CI.A |