Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 17, 2024, 8:05 a.m.	Jan. 17, 2024, 8:14 a.m.

Size	396.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`34a7dbf9c978714dd0679079c5445a10`
SHA256	`0c9093975346591d7fe991ed8bd448d21aaeb1d65b7c48122a19624e0775d583`
CRC32	`43E435AF`
ssdeep	`1536:XyK9MKyCC4UuOCWqeyGaOi2K+Sm6uCWqe+aOi2K+Sm6uuCuCWqeyGaOi2K+Sm6u9:XX9MLxuBXnAYy4AZ6qevcgJFW`
PDB Path	shrpubw.pdb
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description)

rty27.exe "C:\Users\test22\AppData\Local\Temp\rty27.exe"
524

Name	Response	Post-Analysis Lookup
apps.identrust.com	A 23.67.53.27 A 23.67.53.17 CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net	23.67.53.27
i.alie3ksgaa.com	A 154.92.15.189	154.92.15.189

IP Address	Status	Action
154.92.15.189	Active	Moloch
164.124.101.2	Active	Moloch
23.67.53.17	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49164 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49162 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49177 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49168 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49166 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49192 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49173 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49170 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49193 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49176 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49172 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49175 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49184 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49186 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49178 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49187 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49190 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49189 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49188 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49197 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49213 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49201 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49216 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49204 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49221 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49207 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49224 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49214 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49230 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49232 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49240 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49247 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49196 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49248 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49251 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49217 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49257 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49225 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49259 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49235 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49261 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49277 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49245 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49278 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49282 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49253 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49286 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49287 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49266 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49304 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49271 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49312 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49275 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49322 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49284 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49285 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49303 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49318 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49326 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49330 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49332 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49335 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49174 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49244 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49179 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49183 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49256 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49185 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49171 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49203 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49205 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49270 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49206 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49273 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49274 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49212 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49281 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49218 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49290 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49222 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49294 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49238 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49295 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49242 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49297 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49180 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49298 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49262 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49299 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49182 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49263 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49301 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49305 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49283 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49306 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49296 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49310 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49300 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49316 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49302 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49317 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49308 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49327 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49329 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49331 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49334 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49191 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49336 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49337 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49194 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49195 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49198 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49199 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49208 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49220 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49223 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49200 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49202 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49209 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49210 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49228 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49219 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49233 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49234 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49236 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49250 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49237 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49272 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49279 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49280 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49307 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49309 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49313 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49315 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49246 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49319 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49324 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49325 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49328 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49260 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49265 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49267 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49276 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49288 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49289 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49292 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49293 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49320 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49321 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49333 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49162 154.92.15.189:443	C=US, O=Let's Encrypt, CN=R3	CN=i.alie3ksgaa.com	e3:88:72:04:24:5c:12:17:a4:e2:c1:d9:33:f0:d9:60:91:71:d3:dc
TLSv1 192.168.56.103:49164 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49167 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49165 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49177 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49168 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49166 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49192 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49173 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49170 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49176 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49172 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49175 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49184 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49186 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49178 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49187 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49190 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49188 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49197 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49213 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49201 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49216 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49204 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49221 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49207 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49224 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49214 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49230 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49231 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49232 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49240 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49241 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49193 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49247 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49196 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49248 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49215 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49251 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49217 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49257 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49225 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49259 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49235 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49261 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49239 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49277 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49245 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49278 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49249 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49282 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49253 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49286 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49255 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49287 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49266 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49304 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49271 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49312 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49275 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49322 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49284 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49323 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49285 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49303 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49314 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49318 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49326 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49330 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49332 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49335 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49174 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49244 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49179 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49252 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49169 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49183 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49256 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49185 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49264 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49203 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49268 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49171 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49205 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49270 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49206 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49273 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49211 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49274 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49212 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49281 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49290 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49218 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49291 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49222 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49294 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49238 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49295 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49242 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49297 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49258 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49180 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49298 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49262 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49299 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49263 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49182 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49301 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49269 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49305 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49283 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49306 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49296 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49310 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49300 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49316 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49302 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49317 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49308 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49327 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49311 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49329 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49331 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49334 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49191 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49336 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49337 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49194 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49195 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49198 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49199 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49208 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49220 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49223 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49189 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49200 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49226 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49202 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49209 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49210 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49219 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49228 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49227 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49229 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49233 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49234 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49236 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49243 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49250 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49237 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49254 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49272 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49279 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49280 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49307 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49309 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49313 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49315 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49319 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49324 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49246 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49325 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49328 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49260 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49265 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49267 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49276 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49288 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49289 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49292 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49293 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49320 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49321 154.92.15.189:443	None	None	None
TLSv1 192.168.56.103:49333 154.92.15.189:443	None	None	None

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

This executable has a PDB path (1 event)

pdb_path

shrpubw.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MUI

Performs some HTTP requests (1 event)

request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 17, 2024, 7:58 a.m.	process_identifier: 524 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000ffcd8000 process_handle: 0xffffffffffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Jan. 17, 2024, 7:58 a.m.	flags: 15 family: 0		111	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Fabookie.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win64.Dropper.fm
Cylance	unsafe
BitDefender	Trojan.GenericKD.71236651
Arcabit	Trojan.Generic.D43EFC2B
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/GenKryptik.GSSS
APEX	Malicious
McAfee	Artemis!34A7DBF9C978
Avast	Win64:Malware-gen
Kaspersky	Trojan.Win32.Fabookie.bwk
MicroWorld-eScan	Trojan.GenericKD.71236651
Rising	Trojan.Fabookie!8.11C3D (CLOUD)
Emsisoft	Trojan.GenericKD.71236651 (B)
F-Secure	Trojan.TR/AD.Swrort.wzhtj
DrWeb	Trojan.DownLoader46.47727
Sophos	Mal/Generic-S
Webroot	W32.Fabookie
Google	Detected
Avira	TR/AD.Swrort.wzhtj
Kingsoft	Win32.Trojan.Fabookie.bwk
Gridinsoft	Ransom.Win64.Wacatac.cl
Microsoft	Trojan:Win64/PrivateLoader.RPZ!MTB
ZoneAlarm	Trojan.Win32.Fabookie.bwk
GData	Win64.Trojan.Agent.GGD75K
Varist	W64/ABRisk.KAFK-4891
AhnLab-V3	Trojan/Win.Generic.R631490
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.Fabookie
Fortinet	W32/PossibleThreat
AVG	Win64:Malware-gen
CrowdStrike	win/malicious_confidence_60% (W)

rty27.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All