Summary | ZeroBOX

InvictaStealer.exe

Tags: Malicious Library, UPX, OS Processor Check, PE64, PE File

Category: FILE
Machine: s1_win7_x6401
Started: May 31, 2023, 12:29 a.m.
Completed: May 31, 2023, 12:31 a.m.
Size 2.2MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 986a9cd4347aa2207ae5fdbffecfae5a
SHA256 f74146e200ac3983f6df782faa0d0807c22bfc9c2ae69ec1df6f9df439c65f5c
CRC32 798EFB64
ssdeep 24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtR:PBozBdhEV7q8bOQnIFWY+3Je0w5
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

DNS lookups (Name / Response / Post-Analysis Lookup): No hosts contacted.
Contacted IPs (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signature details

section: _RDATA
description: InvictaStealer.exe tried to sleep 132 seconds, actually delayed analysis time by 104 seconds

API calls (columns: API, Arguments, Status, Return, Repeated)

NtCreateFile
  create_disposition: 1 (FILE_OPEN)
  file_handle: 0x00000000000000ac
  filepath: \??\PhysicalDrive0
  desired_access: 0x00100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE)
  file_attributes: 0 ()
  filepath_r: \??\PhysicalDrive0
  create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
  status_info: 0 (FILE_SUPERSEDED)
  share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
  Status: 1  Return: 0  Repeated: 0

DeviceIoControl
  input_buffer: (empty)
  control_code: 458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY)
  device_handle: 0x00000000000000ac
  output_buffer: binary DISK_GEOMETRY structure returned by the IOCTL (rendered as "Q ÿ?" in the original report because the bytes are not printable)
  Status: 1  Return: 1  Repeated: 0
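The pair of calls above (open \??\PhysicalDrive0 read-only, then IOCTL_DISK_GET_DRIVE_GEOMETRY on the same handle) is a common sandbox check: the sample sizes the physical disk and treats a small image as an analysis VM. The following Python triage helper is an added example, not ZeroBOX code and not code from the sample. It walks behaviour-log records in the shape shown above, pairs the PhysicalDrive0 handle with the later DeviceIoControl on that handle, and decodes the DISK_GEOMETRY captured in output_buffer. The records and the 24-byte buffer are constructed (the report shows only unprintable bytes), and the 60 GiB cut-off is an assumed heuristic, not a value taken from the sample.

```python
"""Added example (not ZeroBOX or InvictaStealer code): pair a PhysicalDrive0
open with the later IOCTL_DISK_GET_DRIVE_GEOMETRY on the same handle and
decode the DISK_GEOMETRY the sandbox captured in output_buffer."""
import struct
from typing import Optional

IOCTL_DISK_GET_DRIVE_GEOMETRY = 0x70000   # 458752 in the report above
DISK_GEOMETRY_FMT = "<qIIII"              # Cylinders, MediaType, TracksPerCylinder,
                                          # SectorsPerTrack, BytesPerSector (24 bytes)

# Constructed DISK_GEOMETRY (the report shows only unprintable bytes):
# 1305 cylinders x 255 tracks x 63 sectors x 512 bytes ~= 10 GiB, FixedMedia (12).
SAMPLE_GEOMETRY = struct.pack(DISK_GEOMETRY_FMT, 1305, 12, 255, 63, 512)

# Constructed records in the shape of the report's API rows.
SAMPLE_CALLS = [
    {"api": "NtCreateFile", "args": {
        "filepath": "\\??\\PhysicalDrive0",
        "file_handle": "0x00000000000000ac",
        "create_disposition": "1 (FILE_OPEN)"}},
    {"api": "DeviceIoControl", "args": {
        "device_handle": "0x00000000000000ac",
        "control_code": "458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY)",
        "output_buffer": SAMPLE_GEOMETRY}},
]


def leading_int(value: str) -> int:
    """'458752 (IOCTL_...)' -> 458752, '0x00000000000000ac' -> 172."""
    return int(value.split()[0], 0)


def decode_disk_geometry(buf: bytes) -> dict:
    """Unpack a Windows DISK_GEOMETRY structure and derive the disk size in bytes."""
    if len(buf) < struct.calcsize(DISK_GEOMETRY_FMT):
        raise ValueError("DISK_GEOMETRY needs 24 bytes")
    cyl, media, tracks, sectors, bps = struct.unpack_from(DISK_GEOMETRY_FMT, buf)
    return {
        "cylinders": cyl, "media_type": media, "tracks_per_cylinder": tracks,
        "sectors_per_track": sectors, "bytes_per_sector": bps,
        "size_bytes": cyl * tracks * sectors * bps,
    }


def find_drive_geometry_probe(calls, min_disk_gib: int = 60) -> Optional[dict]:
    """Return the decoded geometry when a handle opened on PhysicalDrive0 is later
    queried with IOCTL_DISK_GET_DRIVE_GEOMETRY, plus a 'small_disk' flag.

    min_disk_gib is an assumed threshold: evasive samples commonly treat a disk
    smaller than a few tens of GiB as a sandbox image. Returns None if no probe
    is present in the log."""
    physical_drive_handles = set()
    for call in calls:
        args = call["args"]
        if call["api"] == "NtCreateFile":
            if args.get("filepath", "").lower().endswith("physicaldrive0"):
                physical_drive_handles.add(leading_int(args["file_handle"]))
        elif call["api"] == "DeviceIoControl":
            if (leading_int(args["device_handle"]) in physical_drive_handles
                    and leading_int(args["control_code"]) == IOCTL_DISK_GET_DRIVE_GEOMETRY):
                geometry = decode_disk_geometry(args["output_buffer"])
                geometry["small_disk"] = geometry["size_bytes"] < min_disk_gib * 2**30
                return geometry
    return None


if __name__ == "__main__":
    print(find_drive_geometry_probe(SAMPLE_CALLS))
```

Matching on the handle rather than on the IOCTL alone matters: IOCTL_DISK_GET_DRIVE_GEOMETRY is also issued by benign installers, but only a handle that came from \??\PhysicalDrive0 with nothing but FILE_READ_ATTRIBUTES|SYNCHRONIZE access, immediately followed by a size query, reads as an environment check. If the decoded size is well below a real workstation's, the sandbox image is the thing to fix.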
Antivirus Vendor  Detection
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Mikey.146292
FireEye Gen:Variant.Mikey.146292
ALYac Gen:Variant.Mikey.146292
Malwarebytes Malware.AI.797245564
Zillya Trojan.Stealer.Win64.160
K7AntiVirus Password-Stealer ( 0058bdf01 )
Alibaba TrojanPSW:Win64/Stealer.dc707342
K7GW Password-Stealer ( 0058bdf01 )
Cyren W64/ABRisk.GFGC-4959
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/PSW.Agent.BK
Kaspersky Trojan-PSW.Win64.Stealer.age
BitDefender Gen:Variant.Mikey.146292
Avast Win64:PWSX-gen [Trj]
Tencent Malware.Win32.Gencirc.10be934d
Emsisoft Gen:Variant.Mikey.146292 (B)
F-Secure Heuristic.HEUR/AGEN.1319430
VIPRE Gen:Variant.Mikey.146292
TrendMicro TROJ_GEN.R002C0DD723
McAfee-GW-Edition BehavesLike.Win64.Dropper.vh
Sophos Mal/Generic-S
Jiangmin Trojan.PSW.Stealer.chb
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1319430
Antiy-AVL Trojan[Backdoor]/Win64.Mozaakai
Microsoft Backdoor:Win64/Mozaakai.ZZ!MTB
Arcabit Trojan.Mikey.D23B74
ZoneAlarm Trojan-PSW.Win64.Stealer.age
GData Gen:Variant.Mikey.146292
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win.Mozaakai.R568695
McAfee Artemis!986A9CD4347A
MAX malware (ai score=80)
Cylance unsafe
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R002C0DD723
Rising Backdoor.Mozaakai!8.11A7D (TFE:5:m459qOqnsqT)
Yandex Trojan.PWS.Agent!ZV2d0QxvppY
Ikarus Trojan-PSW.Agent
MaxSecure Trojan.Malware.205442763.susgen
Fortinet W64/Agent.BK!tr
AVG Win64:PWSX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
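The vendor names above disagree on wording but converge on two things: a family label (Mikey from the BitDefender engine and its licensees, Mozaakai from Microsoft and a few others) and a behaviour (password stealer / PSW, with a minority saying backdoor). The following Python is an added example, not ZeroBOX code, showing a simple way to extract that consensus from a vendor/detection list: tokenise each detection string, discard generic words, map behaviour words to a normalised tag, and take the first remaining token as the family (this skips variant ids such as GFGC or D23B74). The generic and behaviour word lists are my own simplification of the AVClass approach, and the sample input is a constructed subset of the rows above.

```python
"""Added example (not ZeroBOX code): derive a consensus family and behaviour
tags from a 'Vendor Detection' list. Word lists are a simplification of the
AVClass idea; the sample rows are a subset of the report above."""
import re
from collections import Counter
from typing import Dict, Tuple

# Constructed subset of the vendor rows shown above.
SAMPLE_VERDICTS = """\
Lionic Trojan.Win32.Generic.4!c
MicroWorld-eScan Gen:Variant.Mikey.146292
Zillya Trojan.Stealer.Win64.160
K7AntiVirus Password-Stealer ( 0058bdf01 )
Alibaba TrojanPSW:Win64/Stealer.dc707342
Cyren W64/ABRisk.GFGC-4959
ESET-NOD32 a variant of Win64/PSW.Agent.BK
Kaspersky Trojan-PSW.Win64.Stealer.age
BitDefender Gen:Variant.Mikey.146292
Avast Win64:PWSX-gen [Trj]
McAfee-GW-Edition BehavesLike.Win64.Dropper.vh
Antiy-AVL Trojan[Backdoor]/Win64.Mozaakai
Microsoft Backdoor:Win64/Mozaakai.ZZ!MTB
Arcabit Trojan.Mikey.D23B74
McAfee Artemis!986A9CD4347A
CrowdStrike win/malicious_confidence_100% (W)
"""

# Words that carry no family information (assumed list, extend as needed).
GENERIC = {
    "trojan", "troj", "trj", "win", "win32", "win64", "w32", "w64", "gen", "generic",
    "variant", "malware", "malicious", "confidence", "high", "heur", "heuristic",
    "agen", "attribute", "highconfidence", "unsafe", "agent", "behaveslike", "score",
    "susgen", "artemis", "mtb", "tfe", "mal", "ai",
}
# Behaviour words mapped to a normalised tag (assumed mapping).
BEHAVIOUR = {
    "stealer": "infostealer", "psw": "infostealer", "pws": "infostealer",
    "pwsx": "infostealer", "trojanpsw": "infostealer", "password": "infostealer",
    "backdoor": "backdoor", "dropper": "dropper",
}


def tokens(detection: str):
    """Split a detection name on every non-alphanumeric character."""
    return [t.lower() for t in re.findall(r"[A-Za-z0-9]+", detection)]


def classify(line: str) -> Tuple[str, str, set]:
    """Return (vendor, family or '', behaviour tags) for one 'Vendor Detection' row.
    Family = first token that is not generic, not a behaviour word, contains no
    digit and is at least 4 characters long."""
    vendor, _, detection = line.partition(" ")
    family = ""
    tags = set()
    for t in tokens(detection):
        if t in BEHAVIOUR:
            tags.add(BEHAVIOUR[t])
        elif (not family and t not in GENERIC and len(t) >= 4
              and not any(c.isdigit() for c in t)):
            family = t
    return vendor, family, tags


def consensus(text: str) -> Dict[str, Counter]:
    """Tally families and behaviour tags across all rows, one vote per vendor."""
    families, behaviours = Counter(), Counter()
    for line in text.strip().splitlines():
        _, family, tags = classify(line)
        if family:
            families[family] += 1
        behaviours.update(tags)
    return {"families": families, "behaviours": behaviours}


if __name__ == "__main__":
    result = consensus(SAMPLE_VERDICTS)
    print("families  :", result["families"].most_common())
    print("behaviours:", result["behaviours"].most_common())
```

The point of voting per vendor rather than per token is that the BitDefender engine is resold under several names (MicroWorld-eScan, FireEye, ALYac, Emsisoft, VIPRE, GData, Arcabit), so a raw count of "Mikey" overstates independent agreement; a production pipeline would additionally collapse those aliases into one vote.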