Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 06:01
A PDA From An ESP32
01.18 06:01
Whatsapp: Diese 4 neue...
01.18 06:01
KI-Nostalgie: Llama 2 ...
01.18 06:01
Paxton: Vertriebsleite...
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...
01.18 03:01
A Field Expedient Weld...
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...

Summary | ZeroBOX

EHSU.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 7, 2023, 9:43 a.m.	Nov. 7, 2023, 9:45 a.m.

Size	123.5KB
Type	Zip archive data, at least v2.0 to extract
MD5	`056f1e5e64d6246b96f5fa6b3322f3e1`
SHA256	`e62a3ff01cc8506f823372acfa552f39e5cd91ec6f8665614a850958e2aa7880`
CRC32	`6A6483C0`
ssdeep	`3072:f2UuzhQAkeZP1cwsr90DyU8j01n8hUhYE5d3VnC:OUuFQAkqawFDC018hUaQd3hC`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
www.ssl.com	A 3.213.199.135 A 3.209.197.161	3.213.199.135

IP Address	Status	Action
164.124.101.2	Active	Moloch
167.235.241.120	Active	Moloch
3.213.199.135	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49171 -> 167.235.241.120:80	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49171 -> 167.235.241.120:80	2034567	ET HUNTING curl User-Agent to Dotted Quad	Potentially Bad Traffic
TCP 192.168.56.102:49170 -> 167.235.241.120:80	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49170 -> 167.235.241.120:80	2034567	ET HUNTING curl User-Agent to Dotted Quad	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

Connection to IP address

suspicious_request

GET http://167.235.241.120/jogX/Olluc

Performs some HTTP requests (2 events)

request	GET http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
request	GET http://167.235.241.120/jogX/Olluc

Communicates with host for which no DNS query was performed (1 event)

host

167.235.241.120