Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Feb. 16, 2023, 9:39 a.m. | Feb. 16, 2023, 9:41 a.m. |
Process | PID |
---|---|
lsmlekitre.exe "C:\Users\test22\AppData\Local\Temp\lsmlekitre.exe" C:\Users\test22\AppData\Local\Temp\rdkswobyge.xvj | 2664 |
lsmlekitre.exe "C:\Users\test22\AppData\Local\Temp\lsmlekitre.exe" | 2708 |
Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
suspicious_features | GET method with no useragent header |
domain | www.gargaloid.ru | description | Russian Federation domain TLD |
file | C:\Users\test22\AppData\Local\Temp\lsmlekitre.exe |
Vendor | Detection |
---|---|
Lionic | Trojan.Win32.Generic.4!c |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
McAfee | RDN/Generic PWS.y |
Cylance | Unsafe |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
Sangfor | Suspicious.Win32.Save.ins |
Cybereason | malicious.ec1df3 |
Arcabit | Trojan.NSISX.Spy.Gen.24 |
ESET-NOD32 | a variant of Win32/Injector.ESRN |
APEX | Malicious |
Paloalto | generic.ml |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
NANO-Antivirus | Riskware.Nsis.Adw.dpxyts |
Avast | Win32:Malware-gen |
Sophos | Mal/Generic-S |
F-Secure | Trojan.TR/AD.GenShell.rjbkn |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.fc |
Trapmine | malicious.moderate.ml.score |
FireEye | Generic.mg.29fb7632d7e495f0 |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
SentinelOne | Static AI - Suspicious PE |
Avira | TR/AD.GenShell.rjbkn |
MAX | malware (ai score=81) |
Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
Microsoft | Trojan:Win32/Formbook!MTB |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Trojan.NSISX.Spy.Gen.24 |
AhnLab-V3 | Trojan/Win.Agent.C5382526 |
ALYac | Trojan.NSISX.Spy.Gen.24 |
Rising | Trojan.Generic@AI.98 (RDML:Dt414YZqFrXmNGOhbmlShw) |
Ikarus | Trojan.Inject |
Fortinet | W32/Injector.NSAY!tr |
AVG | Win32:Malware-gen |
Panda | Trj/RnkBend.A |
CrowdStrike | win/malicious_confidence_100% (D) |