popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

1907_2.zip

ZIP Format
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 July 24, 2023, 5:21 p.m. July 24, 2023, 5:24 p.m.
Size 2.1MB
Type Zip archive data, at least v2.0 to extract
MD5 16c3edc2eda2d4f64a25722073791f75
SHA256 1cbc7f1e161d8233f64762a48d0e9ca253e7c67ea72a3088c70b8e53d5ac20bb
CRC32 5DBB98B2
ssdeep 49152:8adcHZ2vRMmi9+s9vVaQj17Q2bqfekSVpKAyWgpfZ4rEna3DQDolVe5PWZ5FvcBY:Vd4YvRDi9+sXbWmkSblaardDUobAP+UY
Yara
  • zip_file_format - ZIP file format

Name Response Post-Analysis Lookup
geo.netsupportsoftware.com
A 51.142.119.24
A 62.172.138.8
CNAME geography.netsupportsoftware.com
A 62.172.138.67
62.172.138.8
unclesrug32.com
unclesrug31.com
A 185.209.30.136
185.209.30.136
IP Address Status Action
164.124.101.2 Active Moloch
185.209.30.136 Active Moloch
62.172.138.8 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49170 -> 62.172.138.8:80 2034559 ET POLICY NetSupport GeoLocation Lookup Request Potential Corporate Privacy Violation
TCP 192.168.56.102:49169 -> 62.172.138.8:80 2034559 ET POLICY NetSupport GeoLocation Lookup Request Potential Corporate Privacy Violation
TCP 192.168.56.102:49166 -> 62.172.138.8:80 2034559 ET POLICY NetSupport GeoLocation Lookup Request Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

suspicious_features GET method with no useragent header suspicious_request GET http://geo.netsupportsoftware.com/location/loca.asp
request GET http://geo.netsupportsoftware.com/location/loca.asp
Zillya Trojan.GenCBL.Win32.9416
Cyren W32/Tool.EQYN-2153
Kaspersky not-a-virus:RemoteAdmin.Win32.NetSup.i
DrWeb Program.RemoteAdmin.837
Jiangmin RemoteAdmin.NetSup.h
ZoneAlarm not-a-virus:HEUR:RemoteAdmin.Win32.NetSup.gen
Google Detected
Rising HackTool.NetSupport!1.E317 (CLASSIC)
Yandex Riskware.RemoteAdmin!myez5VmqQPE
MaxSecure Trojan.Malware.73446946.susgen
Fortinet Riskware/Application
dead_host 185.209.30.136:1313