popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Bur_Oil_Company.zip

ZIP Format
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Oct. 12, 2023, 10:31 a.m. Oct. 12, 2023, 10:33 a.m.
Size 1.5MB
Type Zip archive data, at least v1.0 to extract
MD5 7981e2f467362b08d22fad773e24df3b
SHA256 3ccf4a79e6dc06def1c928e1378a9ea64274089d0d6c4da758d0c9acab20324e
CRC32 10B08FD0
ssdeep 49152:0Y+ACumdRqBUaTKb2ZrpuoFsncXjkBTRlCHkH9MEniWm:0PxJowb2dphFsnmjkBTiHkH9DY
Yara
  • zip_file_format - ZIP file format

Name Response Post-Analysis Lookup
teleportfilmona.online
A 104.21.11.40
A 172.67.165.34
172.67.165.34
IP Address Status Action
164.124.101.2 Active Moloch
172.67.165.34 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49179 -> 172.67.165.34:80 2048094 ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 172.67.165.34:80 2048093 ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

suspicious_features POST method with no referer header suspicious_request POST http://teleportfilmona.online/api
request POST http://teleportfilmona.online/api
request POST http://teleportfilmona.online/api
ESET-NOD32 probably a variant of Win32/TrojanDownloader.Rugmi.ABC