Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Oct. 31, 2023, 9:36 a.m. | Oct. 31, 2023, 9:38 a.m. |
-
bRbb.exe "C:\Users\test22\AppData\Local\Temp\bRbb.exe"
2548
Name | Response | Post-Analysis Lookup |
---|---|---|
salwanazeeze.ddns.net | ||
salwanazeeze.duckdns.org | 172.111.167.99 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
UDP 192.168.56.101:55146 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.101:55146 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
domain | salwanazeeze.ddns.net |
domain | salwanazeeze.duckdns.org |
description | bRbb.exe tried to sleep 387 seconds, actually delayed analysis time by 387 seconds |
section | {u'size_of_data': u'0x00035600', u'virtual_address': u'0x0004f000', u'entropy': 7.937715550290868, u'name': u'UPX1', u'virtual_size': u'0x00036000'} | entropy | 7.93771555029 | description | A section with a high entropy has been found | |||||||||
entropy | 0.92025862069 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX | ||||||
section | UPX1 | description | Section name indicates UPX |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Remcos.4!c |
Elastic | malicious (moderate confidence) |
MicroWorld-eScan | Generic.Dacic.A9349469.A.DE945D30 |
ClamAV | Win.Trojan.Remcos-9841897-0 |
CAT-QuickHeal | Trojan.GenericRI.S31067642 |
Skyhigh | BehavesLike.Win32.SpywareLyndra.dc |
McAfee | Artemis!5B876BD9A260 |
Malwarebytes | Malware.AI.4238095733 |
Zillya | Trojan.Rescoms.Win32.1480 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 0053ba121 ) |
BitDefender | Generic.Dacic.A9349469.A.DE945D30 |
K7GW | Trojan ( 0053ba121 ) |
Cybereason | malicious.80340e |
Baidu | Win32.Trojan.Kryptik.awm |
VirIT | Trojan.Win32.Genus.TCT |
Symantec | Trojan.Remcos |
ESET-NOD32 | a variant of Win32/Rescoms.B |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | HEUR:Backdoor.Win32.Remcos.gen |
Alibaba | Backdoor:Win32/Remcos.9d4b822f |
NANO-Antivirus | Trojan.Win32.Remcos.kakzkh |
ViRobot | Trojan.Win.Z.Remcos.238592.G |
Rising | Trojan.Rescoms!8.100A0 (TFE:5:FKuWrtG2iWT) |
Sophos | Mal/Emogen-Y |
F-Secure | Backdoor.BDS/Backdoor.Gen |
DrWeb | Trojan.DownLoader46.4974 |
VIPRE | Generic.Dacic.A9349469.A.DE945D30 |
TrendMicro | Backdoor.Win32.REMCOS.YXDJ4Z |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.5b876bd9a2608e8d |
Emsisoft | Generic.Dacic.A9349469.A.DE945D30 (B) |
Ikarus | Win32.Outbreak |
GData | Generic.Dacic.A9349469.A.DE945D30 |
Jiangmin | Backdoor.Remcos.dwr |
Webroot | W32.Trojan.Remcos |
Detected | |
Avira | BDS/Backdoor.Gen |
Antiy-AVL | Trojan[Backdoor]/Win32.Rescoms.b |
Kingsoft | malware.kb.b.983 |
Gridinsoft | Trojan.Win32.Remcos.bot |
Arcabit | Generic.Dacic.A9349469.A.DE945D30 |
ZoneAlarm | HEUR:Backdoor.Win32.Remcos.gen |
Microsoft | Trojan:Win32/Remcos!ic |
Varist | W32/Trojan.GCT.gen!Eldorado |
AhnLab-V3 | Trojan/Win.QA.C5376648 |
BitDefenderTheta | Gen:NN.ZexaF.36792.omGfae25PQpi |
ALYac | Generic.Dacic.A9349469.A.DE945D30 |
dead_host | 192.168.56.101:49191 |
dead_host | 192.168.56.101:49161 |
dead_host | 192.168.56.101:49171 |
dead_host | 192.168.56.101:49192 |
dead_host | 192.168.56.101:49202 |
dead_host | 192.168.56.101:49175 |
dead_host | 192.168.56.101:49196 |
dead_host | 192.168.56.101:49176 |
dead_host | 192.168.56.101:49184 |
dead_host | 192.168.56.101:49180 |
dead_host | 192.168.56.101:49193 |
dead_host | 192.168.56.101:49203 |
dead_host | 192.168.56.101:49188 |
dead_host | 192.168.56.101:49166 |
dead_host | 192.168.56.101:49168 |
dead_host | 192.168.56.101:49197 |
dead_host | 192.168.56.101:49177 |
dead_host | 192.168.56.101:49172 |
dead_host | 192.168.56.101:49185 |
dead_host | 192.168.56.101:49163 |
dead_host | 192.168.56.101:49181 |
dead_host | 192.168.56.101:49194 |
dead_host | 192.168.56.101:49189 |
dead_host | 192.168.56.101:49167 |
dead_host | 192.168.56.101:49169 |
dead_host | 192.168.56.101:49200 |
dead_host | 192.168.56.101:49178 |
dead_host | 172.111.167.99:9595 |
dead_host | 192.168.56.101:49173 |
dead_host | 192.168.56.101:49186 |
dead_host | 192.168.56.101:49182 |
dead_host | 192.168.56.101:49190 |
dead_host | 192.168.56.101:49170 |
dead_host | 192.168.56.101:49199 |
dead_host | 192.168.56.101:49179 |
dead_host | 192.168.56.101:49164 |
dead_host | 192.168.56.101:49174 |
dead_host | 192.168.56.101:49187 |
dead_host | 192.168.56.101:49183 |