Summary | ZeroBOX

nord.exe

AsyncRAT .NET framework(MSIL) UPX Malicious Library Malicious Packer .NET EXE PE File OS Processor Check PE32
Category Machine Started Completed
FILE s1_win7_x6401 Nov. 6, 2023, 6:24 p.m. Nov. 6, 2023, 6:26 p.m.
Size 65.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 b3e87b107b029e8c0ab14b095119b263
SHA256 77ad2963052f0291093b58959c6af2723d952af6364393ede4e6e9575cd2da3a
CRC32 47370403
ssdeep 1536:KzT7Hw4Ci7MEody/IPegbbqwM3LKKDI7Uq53W8x:KzT7Hw4Ci7MEyy/I2gbbqX7XDI7UW3hx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • AsyncRat - AsyncRat Payload
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
136.243.151.123 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS
