Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Nov. 18, 2021, 2:42 p.m. | Nov. 18, 2021, 2:59 p.m. |
Process | Command line | PID |
---|---|---|
GoalFit.exe | "C:\Users\test22\AppData\Local\Temp\GoalFit.exe" | 2432 |
IP Address | Status | Action |
---|---|---|
142.250.204.147 | Active | Moloch |
154.203.8.28 | Active | Moloch |
154.86.195.217 | Active | Moloch |
164.124.101.2 | Active | Moloch |
185.146.22.236 | Active | Moloch |
185.151.30.177 | Active | Moloch |
2.57.90.16 | Active | Moloch |
204.11.56.48 | Active | Moloch |
216.137.179.182 | Active | Moloch |
23.227.38.74 | Active | Moloch |
3.64.163.50 | Active | Moloch |
34.102.136.180 | Active | Moloch |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata (the data section of an NSIS installer stub, consistent with the NSIS-related detection names and the nsf8C72.tmp drop folder below) |
Suspicious feature | Suspicious request |
---|---|
GET method with no useragent header | GET http://www.doctorfly.mobi/fg6s/?hBZ=ZD+CDfKzm/2YQc3YUSWpgqXUEniGIQPqGnxtch4bxt/WqhYVJmOg1TegURDgRtjTY4agDkrV&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.lghl56.com/fg6s/?hBZ=uc/5PuIUZlG36os+7LexRTPp6wnTJKg2zgJfW+2DzVSFDGp/ZX6ed7j6rzoWHlmopcfw67ac&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.fairshakeforfarmers.com/fg6s/?hBZ=xKxtAmNEnxoBUukVIEF1kvuK+nwXMLOnedC+SNz+BGaFhI5v6X1MgDSserQot0MFGqCPeyki&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.omnebrand.com/fg6s/?hBZ=9brTSNv+C1bZjAKjYfad4vi7E65W3zPrh1IQvHFu7UT2xWBfg4DahvTXlUjO1GKskhxRzYYt&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.leadgenteambyec2.online/fg6s/?hBZ=F2Zf2n4P0FXRaLVHjnLjEfJTEg7xi89YsuUiESEaACXybpqmv6BiuuaznmyJ6mz5DteeP808&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.jshntn.com/fg6s/?hBZ=QhJT/lj89jmoERcPnbTQCqPc65rPokueh5BqelcbeJy7pcqc3+lUtgWUw0fy5Ld9UWGgu0ep&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.alo360.net/fg6s/?hBZ=Mz4uLoABPVXo3kz7cY9kI1UW/VC8dhujTXpbszs0NPRWzSBmB/biWYhkOb4QFg4YZ/yq4ZIw&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.decentralstream.com/fg6s/?hBZ=5w4qcH3RtmDmlmYd8peDY0KE2wDS2yAwKjriKCc5syzJGBsdqKRa5Igiu1uXS3h05ItrAZN3&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.fuqoguiders.xyz/fg6s/?hBZ=GOXv9FyzhJsa8KS8dsMmj7/YoTn1jmPQeNfbpJuZqmm6ucgpeks34qCTkToYyxiW+NLP4pkS&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.drfarhad-amini.com/fg6s/?hBZ=YemKNOFl2uCC2w2+Hf7nWnP/ao/99kBWt1q/O2BJCHQBIGOUleovmks/GdEUoR1FOJMr1UT2&or=3f2pdRAhg |
GET method with no useragent header | GET http://www.invalidmob.com/fg6s/?hBZ=c239r9fe958S+F1/a+Ow4ejRZ5GHg1F7woFiZTSPM63bBEDr1IS9Bs9IDA3udVl18SDeT0jt&VRKh=vDKtMDQphn4DpR |
GET method with no useragent header | GET http://www.capitandelamarina.com/fg6s/?hBZ=sLzNFFNyjDEco478Bhn0l2SjjrMBdiGF5KmlY86sslKlGHEC66IFdMgpFM2UPuLAB2LyR8Wr&VRKh=vDKtMDQphn4DpR |
HTTP request |
---|
GET http://www.doctorfly.mobi/fg6s/?hBZ=ZD+CDfKzm/2YQc3YUSWpgqXUEniGIQPqGnxtch4bxt/WqhYVJmOg1TegURDgRtjTY4agDkrV&or=3f2pdRAhg |
GET http://www.lghl56.com/fg6s/?hBZ=uc/5PuIUZlG36os+7LexRTPp6wnTJKg2zgJfW+2DzVSFDGp/ZX6ed7j6rzoWHlmopcfw67ac&or=3f2pdRAhg |
GET http://www.fairshakeforfarmers.com/fg6s/?hBZ=xKxtAmNEnxoBUukVIEF1kvuK+nwXMLOnedC+SNz+BGaFhI5v6X1MgDSserQot0MFGqCPeyki&or=3f2pdRAhg |
GET http://www.omnebrand.com/fg6s/?hBZ=9brTSNv+C1bZjAKjYfad4vi7E65W3zPrh1IQvHFu7UT2xWBfg4DahvTXlUjO1GKskhxRzYYt&or=3f2pdRAhg |
GET http://www.leadgenteambyec2.online/fg6s/?hBZ=F2Zf2n4P0FXRaLVHjnLjEfJTEg7xi89YsuUiESEaACXybpqmv6BiuuaznmyJ6mz5DteeP808&or=3f2pdRAhg |
GET http://www.jshntn.com/fg6s/?hBZ=QhJT/lj89jmoERcPnbTQCqPc65rPokueh5BqelcbeJy7pcqc3+lUtgWUw0fy5Ld9UWGgu0ep&or=3f2pdRAhg |
GET http://www.alo360.net/fg6s/?hBZ=Mz4uLoABPVXo3kz7cY9kI1UW/VC8dhujTXpbszs0NPRWzSBmB/biWYhkOb4QFg4YZ/yq4ZIw&or=3f2pdRAhg |
GET http://www.decentralstream.com/fg6s/?hBZ=5w4qcH3RtmDmlmYd8peDY0KE2wDS2yAwKjriKCc5syzJGBsdqKRa5Igiu1uXS3h05ItrAZN3&or=3f2pdRAhg |
GET http://www.fuqoguiders.xyz/fg6s/?hBZ=GOXv9FyzhJsa8KS8dsMmj7/YoTn1jmPQeNfbpJuZqmm6ucgpeks34qCTkToYyxiW+NLP4pkS&or=3f2pdRAhg |
GET http://www.drfarhad-amini.com/fg6s/?hBZ=YemKNOFl2uCC2w2+Hf7nWnP/ao/99kBWt1q/O2BJCHQBIGOUleovmks/GdEUoR1FOJMr1UT2&or=3f2pdRAhg |
GET http://www.invalidmob.com/fg6s/?hBZ=c239r9fe958S+F1/a+Ow4ejRZ5GHg1F7woFiZTSPM63bBEDr1IS9Bs9IDA3udVl18SDeT0jt&VRKh=vDKtMDQphn4DpR |
GET http://www.capitandelamarina.com/fg6s/?hBZ=sLzNFFNyjDEco478Bhn0l2SjjrMBdiGF5KmlY86sslKlGHEC66IFdMgpFM2UPuLAB2LyR8Wr&VRKh=vDKtMDQphn4DpR |
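Every request in the tables above has the same shape: a GET with no User-Agent, a four-character single-segment path (/fg6s/), a first query parameter (hBZ) carrying a long base64-like blob, a short second parameter (or or VRKh), and a different host each time. That shape, not any one domain, is what a detection should key on, since the hosts rotate. The Python below is an added example, not part of the sandbox report or of any tool it references: it parses three rows copied from the request table, summarises what they share, runs the same heuristic over constructed proxy-log lines, and checks a dropped-file path against the NSIS temp-folder naming seen in the report. The log-line format, the .test and .example hostnames, the length thresholds, and the nsX####.tmp regular expression are all assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Three rows copied from the report's request table; the other rows have the
# same shape (path /fg6s/, first key hBZ, then a short "or" or "VRKh" value).
REPORT_REQUESTS = [
    "GET http://www.doctorfly.mobi/fg6s/?hBZ=ZD+CDfKzm/2YQc3YUSWpgqXUEniGIQPqGnxtch4bxt/WqhYVJmOg1TegURDgRtjTY4agDkrV&or=3f2pdRAhg",
    "GET http://www.lghl56.com/fg6s/?hBZ=uc/5PuIUZlG36os+7LexRTPp6wnTJKg2zgJfW+2DzVSFDGp/ZX6ed7j6rzoWHlmopcfw67ac&or=3f2pdRAhg",
    "GET http://www.invalidmob.com/fg6s/?hBZ=c239r9fe958S+F1/a+Ow4ejRZ5GHg1F7woFiZTSPM63bBEDr1IS9Bs9IDA3udVl18SDeT0jt&VRKh=vDKtMDQphn4DpR",
]

# Constructed proxy-log lines (not from the report), assumed format:
# "<host> <method> <url> <user-agent, or - when absent>". Line 1 mimics the
# sandbox traffic; lines 2 and 3 are benign controls.
SAMPLE_LOG = [
    "www.beacon-host.test GET http://www.beacon-host.test/fg6s/?hBZ=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&or=3f2pdRAhg -",
    "www.example.com GET http://www.example.com/index.html Mozilla/5.0",
    "update.example.net GET http://update.example.net/download/v2/manifest.json -",
]

BASE64ISH = re.compile(r"^[A-Za-z0-9+/=]+$")
SHORT_PATH = re.compile(r"^/[a-z0-9]{3,6}/$")
# Assumed NSIS temp-folder shape (ns + letter + hex + .tmp), generalised from
# the report's nsf8C72.tmp path; a hunting heuristic, not a vendor rule.
NSIS_TMP_DIR = re.compile(r"\\ns[a-z][0-9A-Fa-f]{1,4}\.tmp\\")


def split_query(query):
    """Split a query string into (key, value) pairs without decoding, so that
    '+' and '/' inside base64-style values are preserved."""
    pairs = []
    for part in query.split("&"):
        if part:
            key, _, value = part.partition("=")
            pairs.append((key, value))
    return pairs


def parse_request(row):
    """Turn a 'GET http://host/path?query' row into its components."""
    method, _, url = row.partition(" ")
    parts = urlsplit(url)
    return {"method": method, "host": parts.hostname, "path": parts.path,
            "query": split_query(parts.query)}


def beacon_profile(rows):
    """Summarise what the report's requests have in common."""
    parsed = [parse_request(r) for r in rows]
    return {
        "paths": sorted({p["path"] for p in parsed}),
        "primary_keys": sorted({p["query"][0][0] for p in parsed if p["query"]}),
        "secondary_keys": sorted({p["query"][1][0] for p in parsed if len(p["query"]) > 1}),
        "hosts": sorted({p["host"] for p in parsed}),
    }


def looks_like_beacon(path, pairs, user_agent):
    """Heuristic derived from the signature rows (an assumption, not a vendor
    rule): no User-Agent, a short single-segment path, a first parameter
    carrying a long base64-like blob, and at most one short second parameter."""
    if user_agent and user_agent != "-":
        return False
    if not SHORT_PATH.match(path):
        return False
    if not 1 <= len(pairs) <= 2:
        return False
    blob = pairs[0][1]
    if len(blob) < 40 or not BASE64ISH.match(blob):
        return False
    if len(pairs) == 2 and len(pairs[1][1]) > 20:
        return False
    return True


def report_rows_match(rows):
    """True if every report row (all sent without a User-Agent) is flagged."""
    return all(looks_like_beacon(p["path"], p["query"], "-")
               for p in map(parse_request, rows))


def flag_log_lines(lines):
    """Return the hosts of log lines matching the beacon heuristic."""
    hits = []
    for line in lines:
        host, method, url, user_agent = line.split(" ", 3)
        parts = urlsplit(url)
        if method == "GET" and looks_like_beacon(parts.path, split_query(parts.query), user_agent):
            hits.append(host)
    return hits


def is_nsis_temp_path(path):
    """True if a file path sits inside an NSIS-style temp folder."""
    return NSIS_TMP_DIR.search(path) is not None


if __name__ == "__main__":
    print(beacon_profile(REPORT_REQUESTS))
    print(flag_log_lines(SAMPLE_LOG))
    print(is_nsis_temp_path(r"C:\Users\test22\AppData\Local\Temp\nsf8C72.tmp\jkkqvfuxifr.dll"))
```

The query string is split by hand rather than with parse_qsl so the '+' and '/' characters in the blob survive, which matters both for the base64 check and for keeping the raw value as an indicator. The hostnames in the report are useful as block-list entries for this sample only; the path, key and no-User-Agent combination is what carries over to the next batch of domains.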
Dropped file |
---|
C:\Users\test22\AppData\Local\Temp\nsf8C72.tmp\jkkqvfuxifr.dll |
Engine | Detection |
---|---|
Lionic | Trojan.Multi.Generic.4!c |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.2 |
FireEye | Trojan.NSISX.Spy.Gen.2 |
ALYac | Trojan.NSISX.Spy.Gen.2 |
Cylance | Unsafe |
Symantec | Packed.Generic.606 |
ESET-NOD32 | a variant of Win32/Injector.EQOD |
Paloalto | generic.ml |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.NSISX.Spy.Gen.2 |
Avast | FileRepMalware |
Emsisoft | Trojan.NSISX.Spy.Gen.2 (B) |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
SentinelOne | Static AI - Suspicious PE |
Ikarus | Trojan.NSIS.Agent |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
GData | Trojan.NSISX.Spy.Gen.2 |
Cynet | Malicious (score: 100) |
McAfee | Artemis!B1815A67A310 |
APEX | Malicious |
MAX | malware (ai score=83) |
AVG | FileRepMalware |