Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 12:11
Critical Unauthenticat...
11.16 12:11
BASIC Co-Inventor Thom...
11.16 09:11
존쿡 델리미트 외식 매장서 ‘연말맞이 다...
11.16 09:11
서울퓨처랩, 누적체험객 6만명 돌파…프로...
11.16 09:11
니지모리스튜디오 갤러리, 일본 일러스트 ...
11.16 09:11
RISC-V Pushes 400 Mill...
11.16 09:11
IT Sicherheitsnews tae...
11.16 07:11
Anduril’s Chair Consul...
11.16 07:11
Senators Call for Prob...
11.16 06:11
Microsoft Windows NTLM...

Summary | ZeroBOX

schtasks.exe

AsyncRAT .NET framework(MSIL) UPX Malicious Packer PE File OS Processor Check PE32 .NET EXE

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 12, 2023, 8:11 a.m.	July 12, 2023, 8:13 a.m.

Size	66.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`24cd86ecb2c7e499e830f681f6308f41`
SHA256	`5873948842cd4f265c9f9035c8ecc72f73926a5c263f180ec43263d0da69e901`
CRC32	`DC8C346E`
ssdeep	`1536:m2wukvF1ak9gcKu5UYFLZazbUZrZlFHIhteg4rPlTGJx:m2dkvF1ak9Ku5UYFLZazbUB04dKx`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult AsyncRat - AsyncRat Payload Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
code2023.kozow.com	A 179.14.8.129	179.14.8.129

IP Address	Status	Action
164.124.101.2	Active	Moloch
179.14.8.129	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 179.14.8.129:8000 -> 192.168.56.101:49165	2030673	ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)	Domain Observed Used for C2 Detected
TCP 179.14.8.129:8000 -> 192.168.56.101:49165	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	Domain Observed Used for C2 Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49165 179.14.8.129:8000	CN=AsyncRAT Server	CN=AsyncRAT Server	c0:74:2f:cf:ac:08:26:95:4d:1f:b6:6f:1e:ab:22:b3:91:b1:75:90

No signatures