bRbb.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Oct. 31, 2023, 9:36 a.m. | Oct. 31, 2023, 9:38 a.m. |
-
bRbb.exe "C:\Users\test22\AppData\Local\Temp\bRbb.exe"
2548
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| salwanazeeze.ddns.net | ||
| salwanazeeze.duckdns.org | 172.111.167.99 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic |
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
| UDP 192.168.56.101:55146 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
| UDP 192.168.56.101:55146 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
| UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
| UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
| domain | salwanazeeze.ddns.net |
| domain | salwanazeeze.duckdns.org |
| description | bRbb.exe tried to sleep 387 seconds, actually delayed analysis time by 387 seconds | |||
| section | {u'size_of_data': u'0x00035600', u'virtual_address': u'0x0004f000', u'entropy': 7.937715550290868, u'name': u'UPX1', u'virtual_size': u'0x00036000'} | entropy | 7.93771555029 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.92025862069 | description | Overall entropy of this PE file is high | |||||||||||
| section | UPX0 | description | Section name indicates UPX | ||||||
| section | UPX1 | description | Section name indicates UPX | ||||||
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.Remcos.4!c |
| Elastic | malicious (moderate confidence) |
| MicroWorld-eScan | Generic.Dacic.A9349469.A.DE945D30 |
| ClamAV | Win.Trojan.Remcos-9841897-0 |
| CAT-QuickHeal | Trojan.GenericRI.S31067642 |
| Skyhigh | BehavesLike.Win32.SpywareLyndra.dc |
| McAfee | Artemis!5B876BD9A260 |
| Malwarebytes | Malware.AI.4238095733 |
| Zillya | Trojan.Rescoms.Win32.1480 |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0053ba121 ) |
| BitDefender | Generic.Dacic.A9349469.A.DE945D30 |
| K7GW | Trojan ( 0053ba121 ) |
| Cybereason | malicious.80340e |
| Baidu | Win32.Trojan.Kryptik.awm |
| VirIT | Trojan.Win32.Genus.TCT |
| Symantec | Trojan.Remcos |
| ESET-NOD32 | a variant of Win32/Rescoms.B |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Kaspersky | HEUR:Backdoor.Win32.Remcos.gen |
| Alibaba | Backdoor:Win32/Remcos.9d4b822f |
| NANO-Antivirus | Trojan.Win32.Remcos.kakzkh |
| ViRobot | Trojan.Win.Z.Remcos.238592.G |
| Rising | Trojan.Rescoms!8.100A0 (TFE:5:FKuWrtG2iWT) |
| Sophos | Mal/Emogen-Y |
| F-Secure | Backdoor.BDS/Backdoor.Gen |
| DrWeb | Trojan.DownLoader46.4974 |
| VIPRE | Generic.Dacic.A9349469.A.DE945D30 |
| TrendMicro | Backdoor.Win32.REMCOS.YXDJ4Z |
| Trapmine | malicious.high.ml.score |
| FireEye | Generic.mg.5b876bd9a2608e8d |
| Emsisoft | Generic.Dacic.A9349469.A.DE945D30 (B) |
| Ikarus | Win32.Outbreak |
| GData | Generic.Dacic.A9349469.A.DE945D30 |
| Jiangmin | Backdoor.Remcos.dwr |
| Webroot | W32.Trojan.Remcos |
| Detected | |
| Avira | BDS/Backdoor.Gen |
| Antiy-AVL | Trojan[Backdoor]/Win32.Rescoms.b |
| Kingsoft | malware.kb.b.983 |
| Gridinsoft | Trojan.Win32.Remcos.bot |
| Arcabit | Generic.Dacic.A9349469.A.DE945D30 |
| ZoneAlarm | HEUR:Backdoor.Win32.Remcos.gen |
| Microsoft | Trojan:Win32/Remcos!ic |
| Varist | W32/Trojan.GCT.gen!Eldorado |
| AhnLab-V3 | Trojan/Win.QA.C5376648 |
| BitDefenderTheta | Gen:NN.ZexaF.36792.omGfae25PQpi |
| ALYac | Generic.Dacic.A9349469.A.DE945D30 |
| dead_host | 192.168.56.101:49191 |
| dead_host | 192.168.56.101:49161 |
| dead_host | 192.168.56.101:49171 |
| dead_host | 192.168.56.101:49192 |
| dead_host | 192.168.56.101:49202 |
| dead_host | 192.168.56.101:49175 |
| dead_host | 192.168.56.101:49196 |
| dead_host | 192.168.56.101:49176 |
| dead_host | 192.168.56.101:49184 |
| dead_host | 192.168.56.101:49180 |
| dead_host | 192.168.56.101:49193 |
| dead_host | 192.168.56.101:49203 |
| dead_host | 192.168.56.101:49188 |
| dead_host | 192.168.56.101:49166 |
| dead_host | 192.168.56.101:49168 |
| dead_host | 192.168.56.101:49197 |
| dead_host | 192.168.56.101:49177 |
| dead_host | 192.168.56.101:49172 |
| dead_host | 192.168.56.101:49185 |
| dead_host | 192.168.56.101:49163 |
| dead_host | 192.168.56.101:49181 |
| dead_host | 192.168.56.101:49194 |
| dead_host | 192.168.56.101:49189 |
| dead_host | 192.168.56.101:49167 |
| dead_host | 192.168.56.101:49169 |
| dead_host | 192.168.56.101:49200 |
| dead_host | 192.168.56.101:49178 |
| dead_host | 172.111.167.99:9595 |
| dead_host | 192.168.56.101:49173 |
| dead_host | 192.168.56.101:49186 |
| dead_host | 192.168.56.101:49182 |
| dead_host | 192.168.56.101:49190 |
| dead_host | 192.168.56.101:49170 |
| dead_host | 192.168.56.101:49199 |
| dead_host | 192.168.56.101:49179 |
| dead_host | 192.168.56.101:49164 |
| dead_host | 192.168.56.101:49174 |
| dead_host | 192.168.56.101:49187 |
| dead_host | 192.168.56.101:49183 |