popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Banana.exe

Browser Login Data Stealer UPX ASPack Malicious Library PE File DLL OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Sept. 16, 2023, 2:12 p.m. Sept. 16, 2023, 2:14 p.m.
Size 140.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ab01a5c6d7bd2e1c03a532e1ccd03358
SHA256 2c6cce4c2f5838ce81a5000355a0401ca709b1edd662f580cd6e1d42988fdfc6
CRC32 6D00883E
ssdeep 3072:B9rwPGiSipIi3j9Dh0CxZogdNr1JUhPUQP4SLRm8Z4PqjzCp:/5iSQ10gHePxzCp
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
138.201.200.124 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49161 -> 138.201.200.124:80 2047625 ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) A Network Trojan was detected
TCP 192.168.56.102:49161 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49161 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49161 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49161 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49161 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://138.201.200.124/loghub/master
request POST http://138.201.200.124/loghub/master
request POST http://138.201.200.124/loghub/master
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d72000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 3000
region_size: 0
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
3221225714 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielpathgobddffflal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnpath
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\gjagmgpathdbbciopjhllkdnddhcglnemk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naepdomgkenhinolocfifgehpathddafch
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghpathoadd
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgnbkkipaallpehbohjmkbjofjdmepath
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fooolghllnmhmmndgjiamiiodkpenpbb
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\fdjamakpfbbddfjaooikfcpapjohcfmg
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdjamakpfbbddfjaooikfcpapjohcfmg
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbml
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
file C:\Users\test22\AppData\Local\Temp\bODs7gDHaDKLeNzf.dll
file C:\Users\test22\AppData\Local\Temp\bODs7gDHaDKLeNzf.dll
host 138.201.200.124
Bkav W32.AIDetectMalware
DrWeb Trojan.PWS.Stealer.37347
MicroWorld-eScan Trojan.GenericKDZ.102630
Malwarebytes Spyware.Stealer
VIPRE Trojan.GenericKDZ.102630
K7AntiVirus Trojan ( 005aa5f61 )
K7GW Trojan ( 005aa5f61 )
Cybereason malicious.cb6378
Arcabit Trojan.Generic.D190E6
BitDefenderTheta Gen:NN.ZexaF.36662.iuW@a40dE@oi
VirIT Trojan.Win32.Genus.TBH
Cyren W32/S-8669fa29!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.HEY
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Malware.Stealerc-10007714-0
Kaspersky HEUR:Trojan-PSW.Win32.Stealerc.gen
BitDefender Trojan.GenericKDZ.102630
Avast Win32:TrojanX-gen [Trj]
Tencent Trojan-PSW.Win32.Stealerc.hq
Emsisoft Trojan.GenericKDZ.102630 (B)
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.ab01a5c6d7bd2e1c
Sophos Troj/Mystic-D
Jiangmin Trojan.PSW.Stealerc.bw
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Midie
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm HEUR:Trojan-PSW.Win32.Stealerc.gen
GData Win32.Trojan.PSE.9TLXQ0
Google Detected
AhnLab-V3 Trojan/Win.TrojanX-gen.R600981
VBA32 BScope.TrojanPSW.Stealerc
ALYac Trojan.GenericKDZ.102630
Cylance unsafe
Panda Trj/GdSda.A
Rising Trojan.Generic@AI.100 (RDMK:vOsN7+paqE/xxP1j6lrJJw)
Yandex Trojan.DL.Agent!J3iOUFWmjAo
Ikarus Trojan-Downloader.Win32.Agent
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/Kryptik.0A1A!tr
AVG Win32:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (D)