Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 18, 2023, 9:05 p.m.	July 18, 2023, 9:07 p.m.

Size	2.2MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`bb3ca7c1c010c41508edcf5b15ef0995`
SHA256	`7a573ed881a8f248b0234dc96010900b78245416f5ccdaa28bf5601708b3fd6c`
CRC32	`B62CDF6C`
ssdeep	`24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtF:PBozBdhEV7q8bOQnIFWY+3Je0wt`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

InvictaStealer.exe "C:\Users\test22\AppData\Local\Temp\InvictaStealer.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

_RDATA

description

InvictaStealer.exe tried to sleep 131 seconds, actually delayed analysis time by 104 seconds

Time & API	Arguments	Status	Return	Repeated
NtCreateFile July 18, 2023, 9:05 p.m.	create_disposition: 1 (FILE_OPEN) file_handle: 0x00000000000000ac filepath: \??\PhysicalDrive0 desired_access: 0x00100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE) file_attributes: 0 () filepath_r: \??\PhysicalDrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 0 (FILE_SUPERSEDED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	1	0	0
DeviceIoControl July 18, 2023, 9:05 p.m.	input_buffer: control_code: 458752 (IOCTL_DISK_GET_DRIVE_GEOMETRY) device_handle: 0x00000000000000ac output_buffer: Qÿ?	1	1	0

Bkav	W32.Common.396421F9
MicroWorld-eScan	Gen:Variant.Zusy.473412
McAfee	GenericRXAA-FA!BB3CA7C1C010
Malwarebytes	PasswordStealer.Spyware.Stealer.DDS
VIPRE	Gen:Variant.Zusy.473412
Arcabit	Trojan.Zusy.D73944
VirIT	Trojan.Win64.Agent.XH
Cyren	W64/S-1ba309c0!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/PSW.Agent.BK
Cynet	Malicious (score: 100)
Kaspersky	Trojan-PSW.Win64.Stealer.age
BitDefender	Gen:Variant.Zusy.473412
Avast	Win64:PWSX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10be934d
TACHYON	Trojan-PWS/W64.InfoStealer.2280448
Emsisoft	Gen:Variant.Zusy.473412 (B)
F-Secure	Heuristic.HEUR/AGEN.1319430
DrWeb	Trojan.PWS.Stealer.37033
Zillya	Trojan.Stealer.Win64.160
FireEye	Gen:Variant.Zusy.473412
Ikarus	Trojan-PSW.Agent
Jiangmin	Trojan.PSW.Stealer.chb
Avira	HEUR/AGEN.1319430
Antiy-AVL	Trojan[Backdoor]/Win64.Mozaakai
Gridinsoft	Trojan.Win64.Agent.oa!s1
Microsoft	Trojan:Win32/Sysdupate!ic
ZoneAlarm	Trojan-PSW.Win64.Stealer.age
GData	Gen:Variant.Zusy.473412
Google	Detected
AhnLab-V3	Backdoor/Win.Mozaakai.R568695
ALYac	Gen:Variant.Zusy.473412
MAX	malware (ai score=82)
Rising	Backdoor.Mozaakai!8.11A7D (TFE:5:m459qOqnsqT)
MaxSecure	Trojan.Malware.205442763.susgen
Fortinet	W64/Agent.BK!tr
AVG	Win64:PWSX-gen [Trj]
DeepInstinct	MALICIOUS

InvictaStealer.exe