Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Sept. 11, 2023, 6:06 p.m. | Sept. 11, 2023, 6:09 p.m. |
Processes
PID | Process | Command line |
---|---|---|
1636 | Outstanding Balance Invoice.exe | "C:\Users\test22\AppData\Local\Temp\Outstanding Balance Invoice.exe" |
1376 | fxvvha.exe | "C:\Users\test22\AppData\Local\Temp\fxvvha.exe" |
IP Address | Status | Action |
---|---|---|
103.224.182.252 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.67.172.5 | Active | Moloch |
192.187.101.110 | Active | Moloch |
194.58.112.174 | Active | Moloch |
199.21.76.77 | Active | Moloch |
199.59.243.224 | Active | Moloch |
206.237.167.5 | Active | Moloch |
45.33.6.223 | Active | Moloch |
66.29.149.4 | Active | Moloch |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49182 -> 172.67.172.5:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 192.168.56.102:49180 -> 172.67.172.5:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 192.168.56.102:49181 -> 172.67.172.5:80 | 2032991 | ET INFO HTTP Request to a *.buzz domain | Potentially Bad Traffic |
TCP 199.21.76.77:80 -> 192.168.56.102:49185 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Signature details
Key | Value |
---|---|
section | .ndata |
request | POST http://www.houtaijiaju.com/stcf/ |
request | GET http://www.houtaijiaju.com/stcf/?RMuHL=1dqEu7FqG0Fk44M2SsORztBhqeVPz5dcffezXnqN6lUv5lMi6TOQp3fd1b+R5p9IBvl5i/IMrCH65j4DnfcQMtwjHinribTwYdLVWxQ=&J8=1fA1FL4 |
request | GET http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip |
request | GET http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip |
request | POST http://www.saintprojetdesalers.com/stcf/ |
request | GET http://www.saintprojetdesalers.com/stcf/?RMuHL=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&J8=1fA1FL4 |
request | POST http://www.ronikonmet.online/stcf/ |
request | GET http://www.ronikonmet.online/stcf/?RMuHL=uecC1YIjKds5pfO1EToES15TCdBTvi7vIYoUJgTFy6qDYT2nEUgo5MyoghBmj6FTuqUN6uVJE1bE0H4aXubCPUG1zI5pjeamkbBuCmA=&J8=1fA1FL4 |
request | POST http://www.hummall.com/stcf/ |
request | GET http://www.hummall.com/stcf/?RMuHL=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&J8=1fA1FL4 |
request | POST http://www.admiralx-qjff.buzz/stcf/ |
request | GET http://www.admiralx-qjff.buzz/stcf/?RMuHL=/cN5NAnYyQNGkv6VI4g5hCl6zLANo+Uxyk0R0Gf4W9JvbRZK1NaF3DJOi9LLfoZAma38Eec3ft5h7udphOb57G+0pUhbPZipWhAdHO0=&J8=1fA1FL4 |
request | POST http://www.innovativefewsustra.com/stcf/ |
request | GET http://www.innovativefewsustra.com/stcf/?RMuHL=KMOD9sTNx2YSpovUrRJUEzn1Yx0Z43DK6JEh/zvUzYRR0vvq/o2vdjVBrU8HPW3QMgYOZkgxf1P3X+8HybL4wtlflHnPghnD15Ngsf8=&J8=1fA1FL4 |
request | POST http://www.aboutmart.info/stcf/ |
request | GET http://www.aboutmart.info/stcf/?RMuHL=U3Hdzf4+NthdwoRpHnYAtQn3xNbqAVbGixRD45JbkQ2tjCPrd668asZ32u/Z/WUAQbK0mo64IDMrfMoRJRydMFx21uDMy5x8Dc/xGxo=&J8=1fA1FL4 |
request | POST http://www.ozu-sushi.com/stcf/ |
file | C:\Users\test22\AppData\Local\Temp\fxvvha.exe |
file | C:\Users\test22\AppData\Local\Temp\Outstanding Balance Invoice.exe |
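The request rows above show one beacon shape repeated across eight unrelated hostnames: the same URI path (`/stcf/`) on every host, a bare POST to it, then a GET carrying a fixed-size base64 blob in one parameter (`RMuHL`) and a constant value in another (`J8=1fA1FL4`). The report alone cannot tell which of those hosts are attacker-controlled and which are cover traffic (the 2018141 alert shows at least one of them already answers from an AnubisNetworks sinkhole), so a detection keyed on the path-plus-parameter pattern is more durable than a hostname list. The two sqlite.org downloads are the official SQLite DLL from a legitimate site; in a run that vendors label Infostealer this is consistent with fetching the library to read browser SQLite databases, so it is worth recording as behaviour but not as a host to block. The Python below is an added example, not part of the sandbox report or its tooling: it groups a plain list of requests by path and flags the rotation pattern. The sample input is constructed from the report's own request rows, and the thresholds (three hosts, 32-byte payload) are assumptions chosen for the example.

```python
import base64
import binascii
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input (one "METHOD URL" per line) copied from the report's
# request rows; the sqlite.org downloads are kept as traffic that must not match.
SAMPLE_REQUESTS = """\
POST http://www.houtaijiaju.com/stcf/
GET http://www.houtaijiaju.com/stcf/?RMuHL=1dqEu7FqG0Fk44M2SsORztBhqeVPz5dcffezXnqN6lUv5lMi6TOQp3fd1b+R5p9IBvl5i/IMrCH65j4DnfcQMtwjHinribTwYdLVWxQ=&J8=1fA1FL4
GET http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip
GET http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip
POST http://www.saintprojetdesalers.com/stcf/
GET http://www.saintprojetdesalers.com/stcf/?RMuHL=+e/LxL8BCb5JT2mwgKzbp1bNGh3lgePyU3D6l90SLvlYtUAerZBoaAu+StBCYI+EmdbaVLlpQ9qQs+tY0i0hLe/6ntyVXpS6CIyxXlk=&J8=1fA1FL4
POST http://www.ronikonmet.online/stcf/
GET http://www.ronikonmet.online/stcf/?RMuHL=uecC1YIjKds5pfO1EToES15TCdBTvi7vIYoUJgTFy6qDYT2nEUgo5MyoghBmj6FTuqUN6uVJE1bE0H4aXubCPUG1zI5pjeamkbBuCmA=&J8=1fA1FL4
POST http://www.hummall.com/stcf/
GET http://www.hummall.com/stcf/?RMuHL=Nk5K1Xbn5LNktyygdQF3BnmJ+burJ+ny2OkZcNPXdwEtJdOtq79vPWmp/B6BaLcWj3tVzmTo+5PqGZIC/UTM1vSFnsb91g1hVUGRl4c=&J8=1fA1FL4
POST http://www.ozu-sushi.com/stcf/
"""


def parse_requests(text):
    """Return a list of (method, host, path, raw_query) from 'METHOD URL' lines."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        method, _, url = line.partition(" ")
        parts = urlsplit(url)
        out.append((method.upper(), parts.hostname or "", parts.path, parts.query))
    return out


def raw_query_params(query):
    """Split a query string without percent- or '+'-decoding: the payload is
    base64, and '+' is part of its alphabet, so parse_qsl() would corrupt it."""
    params = {}
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[key] = value
    return params


def decoded_len(value):
    """Decoded byte length if value is strictly valid base64, else None."""
    try:
        return len(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return None


def find_rotating_beacons(requests, min_hosts=3, min_payload=32):
    """Group requests by URI path and flag a path that is hit on >= min_hosts
    distinct hosts where the GETs carry one base64 parameter decoding to
    >= min_payload bytes while every other parameter keeps a constant value.
    The thresholds are assumptions for this example, not values from the report."""
    by_path = defaultdict(list)
    for method, host, path, query in requests:
        by_path[path].append((method, host, query))

    findings = {}
    for path, reqs in by_path.items():
        hosts = sorted({host for _, host, _ in reqs})
        if len(hosts) < min_hosts:
            continue
        payload_param = None
        payload_lens = set()
        constants = defaultdict(set)
        for method, _, query in reqs:
            if method != "GET" or not query:
                continue
            for key, value in raw_query_params(query).items():
                n = decoded_len(value)
                if n is not None and n >= min_payload:
                    payload_param = key
                    payload_lens.add(n)
                else:
                    constants[key].add(value)
        if payload_param is None:
            continue
        findings[path] = {
            "hosts": hosts,
            "posts": sum(1 for m, _, _ in reqs if m == "POST"),
            "gets": sum(1 for m, _, _ in reqs if m == "GET"),
            "payload_param": payload_param,
            "payload_lens": sorted(payload_lens),  # a single value means a fixed-size blob
            "constant_params": {k: sorted(v) for k, v in constants.items()},
        }
    return findings


if __name__ == "__main__":
    for path, info in find_rotating_beacons(parse_requests(SAMPLE_REQUESTS)).items():
        print(path, info)
```

On the sample, `/stcf/` is reported with five hosts, five POSTs, four GETs, a 77-byte `RMuHL` payload on every GET and a constant `J8`; the sqlite.org paths are seen on one host each and are not reported. Feeding it the full request list from a proxy or Zeek `http.log` instead of the embedded sample is a matter of emitting `METHOD URL` lines; the `hosts` list of each finding is the hostname IOC set, and `payload_param` plus `constant_params` are what a path-based proxy or IDS rule should key on.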
Antivirus
Vendor | Result |
---|---|
Bkav | W32.AIDetectMalware |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.Garf.Gen.7 |
FireEye | Generic.mg.e99e9e9e9e864b38 |
ALYac | Trojan.NSISX.Spy.Gen.24 |
Sangfor | Suspicious.Win32.Save.ins |
CrowdStrike | win/malicious_confidence_100% (D) |
Arcabit | Trojan.Garf.Gen.7 [many] |
BitDefenderTheta | Gen:NN.ZexaF.36662.juW@aWmTnjoi |
Cyren | W32/Ninjector.JO.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | VHO:Trojan.Win32.Strab.gen |
BitDefender | Trojan.Garf.Gen.7 |
Avast | FileRepMalware [Trj] |
Emsisoft | Trojan.Garf.Gen.7 (B) |
VIPRE | Trojan.Garf.Gen.7 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.fc |
Trapmine | malicious.moderate.ml.score |
Sophos | Generic ML PUA (PUA) |
Ikarus | Trojan.Win32.Injector |
Microsoft | Trojan:Win32/Sabsik.TE.B!ml |
ZoneAlarm | VHO:Trojan.Win32.Strab.gen |
GData | Trojan.NSISX.Spy.Gen.24 |
Detected | |
AhnLab-V3 | Infostealer/Win.Generic.R572994 |
MAX | malware (ai score=81) |
VBA32 | BScope.Trojan.Strab |
Rising | Trojan.Generic@AI.98 (RDML:Idko+9gJybsg4ebDRN6Ppg) |
SentinelOne | Static AI - Suspicious PE |
Fortinet | NSIS/Injector.ETGJ!tr |
AVG | FileRepMalware [Trj] |
DeepInstinct | MALICIOUS |