Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 03:09
config.exe
09.22 03:09
game.exe
09.22 03:09
svchost.exe
09.22 03:09
66eef0d7ec94e_vrewgh12...
09.22 03:09
66eef0cc8034a_sdgdfs.exe
09.22 03:09
qq-1950222243-x%e2%80%...
09.22 03:09
nate.exe
09.22 03:09
66eef0d27af21_vfdsgfd.exe
09.22 03:09
Autoupdate.exe
09.22 03:09
feelniceforgivenmegrea...

Latest News
09.22 04:09
SGA솔루션즈, 클라우드 네이티브 보안 ...
09.22 03:09
S2W, AI 기술과 위협 인텔리전스 역...
09.22 03:09
탈레스, 양자 시대 보안위협 대비 사이버...
09.22 02:09
디지서트, 디지털 신뢰 분야 글로벌 선도...
09.22 02:09
넷앤드, 시스템 접근통제 및 계정관리 분...
09.22 02:09
FreeCAD is Near 1.0
09.22 02:09
토큰증권 플랫폼 펀블, ‘현대테라타워DM...
09.22 12:09
[PASCON 2024-리뷰] 굿모닝아이...
09.22 12:09
[PASCON 2024-강연] 박나룡 소...
09.22 12:09
2024-09-19 - File down...

Summary | ZeroBOX

EHSU.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 7, 2023, 9:43 a.m.	Nov. 7, 2023, 9:45 a.m.

Size	123.5KB
Type	Zip archive data, at least v2.0 to extract
MD5	`056f1e5e64d6246b96f5fa6b3322f3e1`
SHA256	`e62a3ff01cc8506f823372acfa552f39e5cd91ec6f8665614a850958e2aa7880`
CRC32	`6A6483C0`
ssdeep	`3072:f2UuzhQAkeZP1cwsr90DyU8j01n8hUhYE5d3VnC:OUuFQAkqawFDC018hUaQd3hC`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
www.ssl.com	A 3.213.199.135 A 3.209.197.161	3.213.199.135

IP Address	Status	Action
164.124.101.2	Active	Moloch
167.235.241.120	Active	Moloch
3.213.199.135	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49171 -> 167.235.241.120:80	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49171 -> 167.235.241.120:80	2034567	ET HUNTING curl User-Agent to Dotted Quad	Potentially Bad Traffic
TCP 192.168.56.102:49170 -> 167.235.241.120:80	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49170 -> 167.235.241.120:80	2034567	ET HUNTING curl User-Agent to Dotted Quad	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

Connection to IP address

suspicious_request

GET http://167.235.241.120/jogX/Olluc

Performs some HTTP requests (2 events)

request	GET http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
request	GET http://167.235.241.120/jogX/Olluc

Communicates with host for which no DNS query was performed (1 event)

host

167.235.241.120