Summary | ZeroBOX

htmljason.vbs

Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 28, 2023, 9:16 a.m. Nov. 28, 2023, 9:22 a.m.
Size 197.2KB
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 e64be178e12b020963cc38980edc18f8
SHA256 9b36f007ee4269cab9614e8fd91217bd6ef13200c7fd9e03beb60dbe97cd339d
CRC32 0FA99BA9
ssdeep 3072:9vbvTvUfvrvZvHvVvAvvvgvlvPoPiKDYPs1QFyINQzbnRPPPPPjdPPPPPJfPPPPI:Bb56jt
Yara None matched

Name Response Post-Analysis Lookup
paste.ee 172.67.187.200
IP Address Status Action
164.124.101.2 Active Moloch
172.67.187.200 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49161 -> 172.67.187.200:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
TCP 192.168.56.103:49161 -> 172.67.187.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49161 -> 172.67.187.200:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.103:49161 -> 172.67.187.200:443 C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 CN=paste.ee 75:09:97:90:38:ad:dd:cc:0d:1b:d8:8b:02:ab:5d:a9:3b:7a:1f:1d

request GET https://paste.ee/d/GTjJl
Time & API Arguments Status Return Repeated

WSASend

socket: 584
0 0

WSASend

socket: 584
0 0

WSASend

socket: 584
0 0
FireEye VB:Trojan.Valyria.8641
Avast Script:SNH-gen [Drp]
Kaspersky HEUR:Trojan.Script.Generic
BitDefender VB:Trojan.Valyria.8641
MicroWorld-eScan VB:Trojan.Valyria.8641
Emsisoft VB:Trojan.Valyria.8641 (B)
VIPRE VB:Trojan.Valyria.8641
Ikarus Trojan-Downloader.VBS.Agent
Google Detected
Arcabit VB:Trojan.Valyria.D21C1
GData VB:Trojan.Valyria.8641
Varist VBS/Agent.BFC1!Eldorado
AhnLab-V3 Downloader/VBS.Generic.S2442
ALYac VB:Trojan.Valyria.8641
MAX malware (ai score=80)
AVG Script:SNH-gen [Drp]
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob