Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 09:01
FBI Warned Agents It B...
01.18 09:01
JTAG & SWD Debuggi...
01.18 09:01
US Names One of the Ha...
01.18 06:01
A PDA From An ESP32
01.18 06:01
Whatsapp: Diese 4 neue...
01.18 06:01
KI-Nostalgie: Llama 2 ...
01.18 06:01
Paxton: Vertriebsleite...
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...

Summary | ZeroBOX

ebd.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 11, 2023, 11:14 a.m.	Oct. 11, 2023, 11:17 a.m.

Size	7.9KB
Type	Zip archive data, at least v2.0 to extract
MD5	`6e1bfdcf1577db9886dd1440808ed4f2`
SHA256	`c3590bcfae6af3c0df14afb04c219ecbbfd831b341ece916448c20f6d9f1344c`
CRC32	`72248631`
ssdeep	`192:nUgiUtnSpDRwA88BIoHkhe2OXH4KmJrWo2XWwqbUrWMT+nu:n/tk2A88aoKCIS5mMT+nu`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
secure.globalsign.com	A 104.18.21.226 CNAME global.prd.cdn.globalsign.com CNAME cdn.globalsigncdn.com.cdn.cloudflare.net A 104.18.20.226	104.18.21.226
vintagecarsforlife.com	A 162.33.179.65	162.33.179.65
prestige-castom.com	A 162.33.179.65	162.33.179.65

IP Address	Status	Action
104.18.20.226	Active	Moloch
162.33.179.65	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49176 -> 162.33.179.65:2351	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49180 -> 162.33.179.65:2351	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49172 -> 162.33.179.65:2351	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 162.33.179.65:2351 -> 192.168.56.102:49172	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 162.33.179.65:2351 -> 192.168.56.102:49172	2014520	ET INFO EXE - Served Attached HTTP	Misc activity
TCP 192.168.56.102:49183 -> 162.33.179.65:2351	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 162.33.179.65:2351 -> 192.168.56.102:49180	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 162.33.179.65:2351 -> 192.168.56.102:49180	2014520	ET INFO EXE - Served Attached HTTP	Misc activity

Suricata TLS

No Suricata TLS

Performs some HTTP requests (1 event)

request

GET http://secure.globalsign.com/cacert/codesigningrootr45.crt

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

162.33.179.65:8080