Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Dec. 15, 2023, 6:14 p.m. | Dec. 15, 2023, 6:18 p.m. |
Process | Command line | PID |
---|---|---|
Jinbcck.exe | "C:\Program Files (x86)\Microsoft Jhmbbb\Jinbcck.exe" | 2676 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.996m2m2.top | 163.197.245.240 | |
users.qzone.qq.com | 43.159.233.101 | |
www.996-m2.xyz | 163.197.245.130 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 163.197.245.130:1881 -> 192.168.56.101:49161 | 2400015 | ET DROP Spamhaus DROP Listed Traffic Inbound group 16 | Misc Attack |
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 43.129.2.81:443 -> 192.168.56.101:49167 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 43.129.2.81:443 -> 192.168.56.101:49169 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 43.129.2.81:443 -> 192.168.56.101:49168 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 163.197.245.130:1881 -> 192.168.56.101:49161 | 2045860 | ET HUNTING Rejetto HTTP File Sever Response | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Field | Value | Description |
---|---|---|
suspicious_features | GET method with no useragent header | |
suspicious_request | GET http://users.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?uins=12345678 | |
request | GET http://users.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?uins=12345678 | |
domain | www.996m2m2.top | Generic top level domain TLD |
file | C:\Program Files\AppPatch\logng.dll | |
section | UPX1 (virtual_address 0x00005000, virtual_size 0x00002000, size_of_data 0x00001400, entropy 7.524816536611518) | A section with a high entropy has been found |
entropy | 0.909090909091 | Overall entropy of this PE file is high |
section | UPX0 | Section name indicates UPX |
section | UPX1 | Section name indicates UPX |
section | UPX2 | Section name indicates UPX |
service_name | Wsrggg oapklizk | |
service_path | C:\Program Files (x86)\Microsoft Jhmbbb\Jinbcck.exe | |
dead_host | 163.197.245.240:9090 | |
Antivirus | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Zegost.a!c |
tehtris | Generic.Malware |
MicroWorld-eScan | Trojan.Cud.Gen.2 |
FireEye | Generic.mg.6a23b6e2536f7027 |
CAT-QuickHeal | Trojan.Mauvaise.SL1 |
Skyhigh | BehavesLike.Win32.Downloader.lc |
ALYac | Trojan.Cud.Gen.2 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Riskware ( 0040eff71 ) |
K7GW | Riskware ( 0040eff71 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Baidu | Win32.Trojan-Downloader.Agent.bh |
Symantec | SMG.Heur!gen |
Elastic | malicious (moderate confidence) |
ESET-NOD32 | a variant of Win32/TrojanDownloader.Agent.BJJ |
APEX | Malicious |
ClamAV | Win.Trojan.Agent-6443182-0 |
Kaspersky | Trojan-Downloader.Win32.Agent.hgxz |
BitDefender | Trojan.Cud.Gen.2 |
NANO-Antivirus | Trojan.Win32.Dwn.dygxrv |
Avast | Win32:Adware-gen [Adw] |
Tencent | Win32.Trojan-Downloader.Agent.Aujl |
Sophos | Troj/Zegost-ID |
F-Secure | Trojan.TR/Downloader.Gen |
DrWeb | Trojan.AVKill.63253 |
VIPRE | Trojan.Cud.Gen.2 |
TrendMicro | BKDR_ZEGOST.SM14 |
Trapmine | malicious.high.ml.score |
Emsisoft | Trojan.Cud.Gen.2 (B) |
SentinelOne | Static AI - Malicious PE |
MAX | malware (ai score=81) |
Jiangmin | Trojan.Generic.batqb |
 | Detected |
Avira | TR/Downloader.Gen |
Varist | W32/Zegost.DY.gen!Eldorado |
Antiy-AVL | Trojan[Backdoor]/Win32.BigBadWolf.a |
Kingsoft | malware.kb.b.899 |
Microsoft | Trojan:Win32/Farfli.AW!MTB |
Xcitium | TrojWare.Win32.TrojanDownloader.Redosdru.FG@6j5x7c |
Arcabit | Trojan.Cud.Gen.2 |
ZoneAlarm | Trojan-Downloader.Win32.Agent.hgxz |
GData | Win32.Trojan-Downloader.Agent.WC |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.Redosdru.R147282 |
McAfee | GenericRXAA-AA!6A23B6E2536F |
VBA32 | TrojanDownloader.Agent |
Cylance | unsafe |
Panda | Trj/CI.A |
TrendMicro-HouseCall | BKDR_ZEGOST.SM14 |