popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Pikabot_pw_H17.zip

ZIP Format
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Nov. 10, 2023, 10:02 a.m. Nov. 10, 2023, 10:05 a.m.
Size 244.8KB
Type Zip archive data, at least v2.0 to extract
MD5 1e64f3868dc8dc63eea055b19f2a73d1
SHA256 a71cef0ad51fbc6ba884bfafe81caf4b96e0d9f269259a6ff1984256e7c7682a
CRC32 8E3D879A
ssdeep 6144:NM/+Y9PN/lpfuLPhbAy7EyHmFVYCRzGgQSH3kwatoupVNGY:G9PdOpbAylcVNRzFx3kBRTh
Yara
  • zip_file_format - ZIP file format

Name Response Post-Analysis Lookup
www.ssl.com
A 3.213.199.135
A 3.209.197.161
3.213.199.135
IP Address Status Action
164.124.101.2 Active Moloch
3.209.197.161 Active Moloch
49.13.31.229 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49175 -> 49.13.31.229:80 2013028 ET POLICY curl User-Agent Outbound Attempted Information Leak
TCP 192.168.56.102:49175 -> 49.13.31.229:80 2034567 ET HUNTING curl User-Agent to Dotted Quad Potentially Bad Traffic
TCP 192.168.56.102:49171 -> 49.13.31.229:80 2013028 ET POLICY curl User-Agent Outbound Attempted Information Leak
TCP 192.168.56.102:49171 -> 49.13.31.229:80 2034567 ET HUNTING curl User-Agent to Dotted Quad Potentially Bad Traffic

Suricata TLS

No Suricata TLS

suspicious_features Connection to IP address suspicious_request GET http://49.13.31.229/tC1n0/insup
request GET http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
request GET http://49.13.31.229/tC1n0/insup
host 49.13.31.229