Summary | ZeroBOX

fortnite3.exe

Tags: UPX, ASPack, Malicious Library, PE File, OS Processor Check, PE32

Category   Machine         Started                    Completed
FILE       s1_win7_x6401   June 30, 2023, 5:39 p.m.   June 30, 2023, 5:47 p.m.

Size      123.5KB
Type      PE32 executable (GUI) Intel 80386, for MS Windows
MD5       ed0a563d3d57d03356187c1a2fbcce3f
SHA256    ed78295a1b60b7053383c7f2a4837c62cb5625d7d57b5f4121df45660a000c65
CRC32     5D29A466
ssdeep    3072:kBHLe0crYUAc3W3RBjJ9wUZBva7oRrADruYQLeT8YGjjsxf:k1vcruc3WBBEUy7oL3jjwf
PDB Path  D:\Проекты\Allcome\Source code\Build\Release\Build.pdb  (Проекты is Russian for "Projects"; the "Allcome" project name matches the AllcomeClipper family named in the Suricata signature below)
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • ASPack_Zero - ASPack packed file

Note: both the UPX and ASPack rules fired, yet the PDB path above was recovered from the file as submitted. Packer rules of this kind usually key on section names or short byte strings, so confirm which packer (if any) is actually in use before trying to unpack.

Name                                       Response   Post-Analysis Lookup
dba692117be7b6d3480fe5220fdd58b38bf.xyz    (none)     (none)

IP Address      Status   Action
164.124.101.2   Active   Moloch

Note: 164.124.101.2 is the resolver the sample queried over UDP/53 (see the Suricata flow below), not an address the C2 domain resolved to; no resolution was recorded during the run.

Suricata Alerts

Flow:       UDP 192.168.56.101:59002 -> 164.124.101.2:53
SID:        2039099
Signature:  ET MALWARE AllcomeClipper CnC Domain (dba692117be7b6d3480fe5220fdd58b38bf .xyz) in DNS Lookup
Category:   Domain Observed Used for C2 Detected
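The indicators in this report (file hashes, the AllcomeClipper C2 domain and the PDB path) can be checked against local artifacts with a short triage script. The following is an added example for this page, not ZeroBOX or Suricata code: the DNS log format, the sample log lines and the RSDS-style buffer are constructed here for illustration, and the defanging rules in normalize_domain are assumptions about how the domain is typically copied out of alert text (note the space before ".xyz" in the signature name above).

```python
"""Triage helper: match the indicators from the ZeroBOX report above against
local artifacts. Added example; not ZeroBOX or Suricata code. The DNS log
format and the sample buffer below are constructed for illustration."""
import hashlib
import re
import zlib

# Indicators copied from the report.
IOC_MD5 = "ed0a563d3d57d03356187c1a2fbcce3f"
IOC_SHA256 = "ed78295a1b60b7053383c7f2a4837c62cb5625d7d57b5f4121df45660a000c65"
IOC_CRC32 = 0x5D29A466
IOC_C2_DOMAIN = "dba692117be7b6d3480fe5220fdd58b38bf.xyz"
# ASCII tail of the PDB path. The leading "D:\Проекты" is left out so the match
# does not depend on the code page the build machine used to store it.
IOC_PDB_TAIL = b"\\Allcome\\Source code\\Build\\Release\\Build.pdb"


def normalize_domain(name: str) -> str:
    """Undo common defanging (inserted spaces, [.] and (.)) and trailing dots.
    These defang forms are assumptions about how analysts copy alert text."""
    name = re.sub(r"\s+", "", name.strip().lower())
    name = name.replace("[.]", ".").replace("(.)", ".")
    return name.rstrip(".")


def is_c2_query(qname: str, c2: str = IOC_C2_DOMAIN) -> bool:
    """True for the C2 domain itself or any subdomain; false for look-alikes
    such as 'x' + domain, which a bare substring test would accept."""
    q = normalize_domain(qname)
    return q == c2 or q.endswith("." + c2)


def dns_hits(log_lines):
    """Return (client, qname) pairs whose query matched the C2 domain.
    Constructed log format: '<timestamp> <client-ip> query <type> <qname>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue
        client, qname = parts[1], parts[4]
        if is_c2_query(qname):
            hits.append((client, normalize_domain(qname)))
    return hits


def file_hashes(data: bytes) -> dict:
    """MD5, SHA256 and CRC32 in the same forms the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
    }


def hash_match(data: bytes) -> dict:
    """Which report hashes the buffer matches. SHA256 is the decision;
    MD5 and CRC32 are only cross-checks (CRC32 collides trivially)."""
    h = file_hashes(data)
    return {
        "md5": h["md5"] == IOC_MD5,
        "sha256": h["sha256"] == IOC_SHA256,
        "crc32": h["crc32"] == IOC_CRC32,
    }


def pdb_match(data: bytes) -> bool:
    """Look for the PDB path as stored in an RSDS CodeView record. On a
    genuinely packed file the record is only visible after unpacking."""
    return IOC_PDB_TAIL in data


# Constructed sample inputs (not captured traffic or the real sample).
SAMPLE_DNS_LOG = [
    "2023-06-30T17:40:01 192.168.56.101 query A dba692117be7b6d3480fe5220fdd58b38bf.xyz",
    "2023-06-30T17:40:02 192.168.56.101 query A www.example.com",
    "2023-06-30T17:40:03 192.168.56.102 query A api.DBA692117BE7B6D3480FE5220FDD58B38BF.xyz.",
    "2023-06-30T17:40:04 192.168.56.103 query A xdba692117be7b6d3480fe5220fdd58b38bf.xyz",
]
# Stand-in for an RSDS record: signature, 16-byte GUID, 4-byte age, path, NUL.
SAMPLE_BUFFER = (b"RSDS" + bytes(16) + b"\x01\x00\x00\x00"
                 + "D:\\Проекты".encode("cp1251") + IOC_PDB_TAIL + b"\x00")

if __name__ == "__main__":
    print("DNS hits:", dns_hits(SAMPLE_DNS_LOG))
    print("PDB path present:", pdb_match(SAMPLE_BUFFER))
    print("hash match:", hash_match(SAMPLE_BUFFER))
```

To use it on real data, feed dns_hits your resolver or EDR DNS log lines (adapting the column positions) and pass the bytes of a suspect file to hash_match and pdb_match; a SHA256 match is conclusive, while a PDB-path hit on a file with a different hash flags a rebuilt or repacked variant worth a closer look.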

Suricata TLS

No Suricata TLS

PDB Path  D:\Проекты\Allcome\Source code\Build\Release\Build.pdb
Antivirus

Vendor               Detection
Bkav                 W32.AIDetectMalware
Lionic               Trojan.Win32.Tasker.4!c
MicroWorld-eScan     Gen:Variant.Doina.33620
FireEye              Generic.mg.ed0a563d3d57d033
McAfee               GenericRXTY-HX!ED0A563D3D57
Cylance              unsafe
VIPRE                Gen:Variant.Doina.33620
Sangfor              Suspicious.Win32.Save.a
K7AntiVirus          Trojan ( 00590df61 )
Alibaba              Trojan:Win32/ClipBanker.98826b2d
K7GW                 Trojan ( 00590df61 )
Cybereason           malicious.d3d57d
Arcabit              Trojan.Doina.D8354
BitDefenderTheta     AI:Packer.C0E0216D1F
Cyren                W32/ClipBanker.AJ.gen!Eldorado
Symantec             ML.Attribute.HighConfidence
Elastic              Windows.Trojan.Clipbanker
ESET-NOD32           a variant of Win32/ClipBanker.OI
Cynet                Malicious (score: 100)
APEX                 Malicious
Kaspersky            HEUR:Trojan.Win32.Tasker.gen
BitDefender          Gen:Variant.Doina.33620
NANO-Antivirus       Trojan.Win32.Tasker.jqazlz
Avast                Win32:BankerX-gen [Trj]
Tencent              Malware.Win32.Gencirc.10bbe81e
TACHYON              Trojan/W32.Tasker.126464.B
Sophos               Mal/Generic-S
F-Secure             Heuristic.HEUR/AGEN.1317762
DrWeb                Trojan.DownLoader45.1081
Zillya               Trojan.ClipBanker.Win32.13801
McAfee-GW-Edition    BehavesLike.Win32.NetLoader.ch
Emsisoft             Gen:Variant.Doina.33620 (B)
SentinelOne          Static AI - Malicious PE
Jiangmin             Trojan.Tasker.cra
Avira                HEUR/AGEN.1317762
Antiy-AVL            Trojan/Win32.Tasker
Gridinsoft           Trojan.Win32.Gen.bot
Microsoft            Trojan:Win32/ClipBanker.DK!MTB
ZoneAlarm            HEUR:Trojan.Win32.Tasker.gen
GData                Win32.Trojan-Stealer.AllCome.A
Google               Detected
AhnLab-V3            Trojan/Win.Generic.C5006231
VBA32                BScope.Trojan.Tasker
ALYac                Gen:Variant.Doina.33620
MAX                  malware (ai score=87)
Malwarebytes         Trojan.ClipBanker
Panda                Trj/GdSda.A
Rising               Trojan.ClipBanker!8.5FB (TFE:5:lsD8x0cCYBV)
Yandex               Trojan.Tasker!5o3/6kedH1o
Ikarus               Trojan-Spy.AllcomeClipper

Note: the family-specific verdicts (ClipBanker, AllCome, AllcomeClipper) agree with the Suricata signature on a clipboard-hijacking trojan; most of the remaining entries are generic, heuristic or ML labels and carry no family information on their own.