Summary | ZeroBOX

xkX69dIw9KOs.exe

Tags: backdoor, njRAT, PE32, PE File, .NET EXE

Category: FILE
Machine: s1_win7_x6401
Started: Oct. 4, 2023, 10:29 a.m.
Completed: Oct. 4, 2023, 10:31 a.m.

Size: 32.0KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: e782fef1056c8725e60e298742004176
SHA256: 3f9af37fe399e8cb8eb4e61f7541901788ec1f4b63f99a110fa025421010df43
CRC32: CCB914FC
ssdeep: 384:w0bUe5XB4e0X0gONaiaXLilpknD+WTCtTUFQqz9TObb4:1T9BuizaXWlRpb4
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_njRAT_Zero - Win Backdoor njRAT

Name: patria.duckdns.org
Response: 46.246.82.16

IP Address: 164.124.101.2 (Active)
IP Address: 46.246.82.16 (Active)

Suricata Alerts

Flow: TCP 192.168.56.101:49164 -> 46.246.82.16:2020
SID: 2033132
Signature: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Category: Malware Command and Control Activity Detected

Flow: UDP 192.168.56.101:59002 -> 164.124.101.2:53
SID: 2042936
Signature: ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
Category: Potentially Bad Traffic

Flow: UDP 192.168.56.101:59002 -> 164.124.101.2:53
SID: 2022918
Signature: ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
Category: Misc activity

Suricata TLS

No Suricata TLS

Domain: patria.duckdns.org
Lionic Trojan.Win32.KeyLogger.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.61581
FireEye Generic.mg.e782fef1056c8725
CAT-QuickHeal Trojan.MsilFC.S20327749
McAfee Trojan-FSCY!E782FEF1056C
Malwarebytes Generic.Malware.AI.DDS
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
BitDefender Trojan.GenericKDZ.61581
K7GW Trojan ( 700000121 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.DF08D
Baidu MSIL.Backdoor.Bladabindi.a
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/Razy.DC.gen!Eldorado
Symantec Backdoor.Ratenjay!gen3
ESET-NOD32 a variant of MSIL/Bladabindi.AZ
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Packed.njRAT-7445143-0
Kaspersky HEUR:Trojan-Spy.MSIL.KeyLogger.gen
Alibaba TrojanSpy:MSIL/KeyLogger.44c89fb7
Avast MSIL:Bladabindi-JK [Trj]
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Emsisoft Trojan.GenericKDZ.61581 (B)
F-Secure Trojan.TR/Dropper.Gen7
DrWeb BackDoor.Bladabindi.16104
VIPRE Trojan.GenericKDZ.61581
TrendMicro TrojanSpy.MSIL.LIMEKEYLOG.SMLV
McAfee-GW-Edition Trojan-FSCY!E782FEF1056C
Trapmine malicious.moderate.ml.score
Sophos Mal/Bladabi-W
Ikarus Trojan.MSIL.Bladabindi
Jiangmin Trojan.MSIL.oetu
Avira TR/Dropper.Gen7
MAX malware (ai score=81)
Antiy-AVL Trojan/MSIL.Crypt
Xcitium TrojWare.MSIL.Bladabindi.BGS@7lngf6
Microsoft Trojan:MSIL/Bladabindi
ZoneAlarm HEUR:Trojan-Spy.MSIL.KeyLogger.gen
GData MSIL.Backdoor.Bladabindi.AV
Google Detected
AhnLab-V3 Trojan/Win32.SpyGate.R292993
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKDZ.61581
Cylance unsafe
Panda Trj/GdSda.A
TrendMicro-HouseCall TrojanSpy.MSIL.LIMEKEYLOG.SMLV
Tencent Msil.Trojan-Spy.Keylogger.Sgil