Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 06:09
audiodg.exe
09.22 06:09
psfod.exe
09.22 06:09
73EtsZxIoDetWTu.exe
09.22 06:09
otqp9.exe
09.22 06:09
xx.exe
09.22 06:09
fck.exe
09.22 06:09
LummaC222222.exe
09.22 06:09
seethebestwayforunders...
09.22 06:09
Name.exe
09.22 06:09
needmoney.exe

Latest News
09.22 06:09
국제 사이버범죄조직들에 맞서 치열한 전투...
09.22 05:09
Staffelstabübergabe de...
09.22 05:09
세일포인트, 금융기관 맞춤형 아이덴티티 ...
09.22 05:09
Where Did the Japanese...
09.22 05:09
모니터랩, 클라우드 플랫폼 기업으로 완전...
09.22 05:09
India Seeks Amazon, Fl...
09.22 05:09
Vodafone Idea Inks $3....
09.22 04:09
라온시큐어, “국내외 디지털 인증 시장 ...
09.22 04:09
에스에스알, AI·네트워크·IoT·모바일...
09.22 04:09
SGA솔루션즈, 클라우드 네이티브 보안 ...

Summary | ZeroBOX

SFT.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 7, 2023, 9:49 a.m.	Nov. 7, 2023, 9:52 a.m.

Size	77.2KB
Type	Zip archive data, at least v1.0 to extract
MD5	`882e1e40bd642dac255ec144e37e06d0`
SHA256	`4223c5f9670a7015c6f791a03448e206a3f3021ed8d0fac75bba9b9fabe23556`
CRC32	`34834CAD`
ssdeep	`1536:m5famFENSxT/nIf38fgNXlVSSESOBA3FEE7etV5hFwrsT2q7:wS6ENS5IfbXlQSJsA36EuYAKq7`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
www.ssl.com	A 3.213.199.135 A 3.209.197.161	3.209.197.161

IP Address	Status	Action
157.90.147.198	Active	Moloch
164.124.101.2	Active	Moloch
3.209.197.161	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49170 -> 157.90.147.198:80	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.102:49170 -> 157.90.147.198:80	2034567	ET HUNTING curl User-Agent to Dotted Quad	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

Connection to IP address

suspicious_request

GET http://157.90.147.198/NkE/evoca

Performs some HTTP requests (2 events)

request	GET http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
request	GET http://157.90.147.198/NkE/evoca

Communicates with host for which no DNS query was performed (1 event)

host

157.90.147.198