Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 7, 2023, 8:30 a.m. | Aug. 7, 2023, 8:40 a.m. |
-
demon.x64.exe "C:\Users\test22\AppData\Local\Temp\demon.x64.exe"
2540
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
157.245.47.66 | Active | Moloch |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 157.245.47.66:443 -> 192.168.56.101:49161 | 2037599 | ET ATTACK_RESPONSE Havoc/Sliver Framework TLS Certificate Observed | A Network Trojan was detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49161 157.245.47.66:443 |
C=US, ST=Washington, L=Seattle, unknown=, unknown=6274, O=DEBUG, CN=157.245.47.66 | C=US, ST=Washington, L=Seattle, unknown=, unknown=6274, O=DEBUG, CN=157.245.47.66 | 85:61:c7:e7:c5:c0:ad:d8:64:79:ba:64:b7:b5:78:8d:6d:13:88:3d |
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST https://157.245.47.66/funny_cat.gif | ||||||
suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST https://157.245.47.66/test.txt |
request | POST https://157.245.47.66/funny_cat.gif |
request | POST https://157.245.47.66/test.txt |
request | POST https://157.245.47.66/funny_cat.gif |
request | POST https://157.245.47.66/test.txt |
host | 157.245.47.66 |
Lionic | Trojan.Win32.Havoc.4!c |
MicroWorld-eScan | Trojan.Generic.33944143 |
FireEye | Trojan.Generic.33944143 |
McAfee | RDN/Generic BackDoor |
Malwarebytes | Malware.AI.1476941991 |
Sangfor | Backdoor.Win64.Havoc.Vi17 |
K7AntiVirus | Trojan ( 005a86411 ) |
Alibaba | Backdoor:Win64/Havoc.1bea8353 |
K7GW | Trojan ( 005a86411 ) |
Cybereason | malicious.aeebb9 |
Arcabit | Trojan.Generic.D205F24F |
Cyren | W64/ABRisk.RQFI-9008 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win64/Havoc.D |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | Backdoor.Win64.Havoc.agd |
BitDefender | Trojan.Generic.33944143 |
Avast | Win64:Evo-gen [Trj] |
Tencent | Malware.Win32.Gencirc.11aa33a9 |
Emsisoft | Trojan.Generic.33944143 (B) |
VIPRE | Trojan.Generic.33944143 |
TrendMicro | TROJ_GEN.R023C0PFH23 |
McAfee-GW-Edition | BehavesLike.Win64.Generic.nm |
Sophos | Generic Reputation PUA (PUA) |
Ikarus | Trojan.Win64.Havoc |
MAX | malware (ai score=89) |
Antiy-AVL | Trojan/Win64.Havoc |
Microsoft | Trojan:Win32/Wacatac.B!ml |
ZoneAlarm | Backdoor.Win64.Havoc.agd |
GData | Trojan.Generic.33944143 |
Detected | |
ALYac | Trojan.Generic.33944143 |
Cylance | unsafe |
TrendMicro-HouseCall | TROJ_GEN.R023C0PFH23 |
Rising | Backdoor.Havoc!8.970A (TFE:3:5kYgA61wTIM) |
Yandex | Trojan.Havoc!bcVTcCF+0X4 |
MaxSecure | Trojan.Malware.209925362.susgen |
Fortinet | W64/Havoc.D!tr |
AVG | Win64:Evo-gen [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (W) |