Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe
11.19 02:11
caspol.exe
11.19 02:11
caspol.exe
11.18 02:11
DOCTOR FIRM ORDER FORM...

Latest News
11.19 06:11
Extending Burp Suite f...
11.19 06:11
How China’s National S...
11.19 06:11
Spot the Difference: E...
11.19 06:11
The Barcode Beast Like...
11.19 06:11
China’s Chip Advances ...
11.19 06:11
이지중고가전, 나눔과 환경보호로 사회적공...
11.19 06:11
Spot the Difference: E...
11.19 05:11
[AIS 2024 영상] KISA 강동우...
11.19 05:11
WVC대학교, 테솔자격증 장학생 모집 실시
11.19 05:11
[긴급] 현재 사이버 공격에 악용중인 팔...

Summary | ZeroBOX

wL8P9unF.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	March 22, 2023, 10:41 a.m.	March 22, 2023, 10:44 a.m.

Size	944.9KB
Type	Zip archive data, at least v2.0 to extract
MD5	`1f5166dbb451fe00af869e50377e286d`
SHA256	`4e34d62f76eeca9106cabde22921b69e9bbd1ea0364b49ca141855ed2ca5b773`
CRC32	`3587C5D5`
ssdeep	`12288:tkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4ded:mXzNdfKluvnRHthzfoYxJlC`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
104.168.155.143	Active	Moloch
107.170.39.149	Active	Moloch
115.68.227.76	Active	Moloch
164.124.101.2	Active	Moloch
164.90.222.65	Active	Moloch
167.172.199.165	Active	Moloch
172.105.226.75	Active	Moloch
187.63.160.88	Active	Moloch
202.129.205.3	Active	Moloch
209.126.85.32	Active	Moloch
213.239.212.5	Active	Moloch
5.135.159.50	Active	Moloch
94.23.45.86	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49184 -> 187.63.160.88:80	2404307	ET CNC Feodo Tracker Reported CnC Server group 8	A Network Trojan was detected
TCP 192.168.56.102:49186 -> 164.90.222.65:443	2404304	ET CNC Feodo Tracker Reported CnC Server group 5	A Network Trojan was detected
TCP 192.168.56.102:49187 -> 104.168.155.143:8080	2404300	ET CNC Feodo Tracker Reported CnC Server group 1	A Network Trojan was detected
TCP 187.63.160.88:80 -> 192.168.56.102:49184	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49189 -> 213.239.212.5:443	2404309	ET CNC Feodo Tracker Reported CnC Server group 10	A Network Trojan was detected
TCP 209.126.85.32:8080 -> 192.168.56.102:49182	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 213.239.212.5:443 -> 192.168.56.102:49189	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 172.105.226.75:8080 -> 192.168.56.102:49191	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)

Baidu	Archive.Bomb
Kaspersky	UDS:Trojan-Banker.Win64.Emotet
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Rising	Malware.SwollenFile!1.DDB4 (CLASSIC)

Communicates with host for which no DNS query was performed (12 events)

host	104.168.155.143
host	107.170.39.149
host	115.68.227.76
host	164.90.222.65
host	167.172.199.165
host	172.105.226.75
host	187.63.160.88
host	202.129.205.3
host	209.126.85.32
host	213.239.212.5
host	5.135.159.50
host	94.23.45.86

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (10 events)

dead_host	202.129.205.3:8080
dead_host	164.90.222.65:443
dead_host	115.68.227.76:8080
dead_host	107.170.39.149:8080
dead_host	5.135.159.50:443
dead_host	104.168.155.143:8080
dead_host	167.172.199.165:8080
dead_host	192.168.56.102:49194
dead_host	192.168.56.102:49195
dead_host	192.168.56.102:49192