Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | March 27, 2024, 7:28 a.m. | March 27, 2024, 7:30 a.m. |
Process | Path | PID |
---|---|---|
@Base.exe | C:\Users\test22\AppData\Local\Temp\@Base.exe | 508 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
147.124.220.237 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49162 147.124.220.237:8123 | C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=147.124.220.237: Self-signed certificate | C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=147.124.220.237: Self-signed certificate | 0c:cb:8b:7a:7e:9c:d6:98:e2:f4:4a:b9:4b:d4:bb:cd:77:d6:5c:e0 |
TLS 1.2 192.168.56.103:49164 147.124.220.237:8123 | C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=147.124.220.237: Self-signed certificate | C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=147.124.220.237: Self-signed certificate | 0c:cb:8b:7a:7e:9c:d6:98:e2:f4:4a:b9:4b:d4:bb:cd:77:d6:5c:e0 |
TLS 1.2 192.168.56.103:49165 147.124.220.237:8123 | C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=147.124.220.237: Self-signed certificate | C=XX, ST=N/A, L=N/A, O=Self-signed certificate, CN=147.124.220.237: Self-signed certificate | 0c:cb:8b:7a:7e:9c:d6:98:e2:f4:4a:b9:4b:d4:bb:cd:77:d6:5c:e0 |
section | _RDATA |
host | 147.124.220.237 |
Scanner | Result |
---|---|
Bkav | W32.Common.48C7B81C |
Lionic | Trojan.Win32.Kryplod.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 99) |
ALYac | Trojan.Generic.35325343 |
Cylance | unsafe |
VIPRE | Trojan.Generic.35325343 |
Sangfor | Trojan.Win64.Rhadamanthys.V161 |
BitDefender | Trojan.Generic.35325343 |
Arcabit | Trojan.Generic.D21B059F |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/Kryptik.EHI |
APEX | Malicious |
Avast | Win64:PWSX-gen [Trj] |
Kaspersky | Trojan.Win64.Kryplod.bwpd |
Alibaba | Trojan:Win64/Rhadamanthys.b65760c0 |
MicroWorld-eScan | Trojan.Generic.35325343 |
Rising | Trojan.ShellCodeRunner!1.F7B6 (CLASSIC) |
Emsisoft | Trojan.Generic.35325343 (B) |
F-Secure | Trojan.TR/AD.Nekark.neafk |
DrWeb | Trojan.PWS.Siggen3.36585 |
Zillya | Trojan.Inject.Win32.346111 |
TrendMicro | TROJ_FRS.0NA104CC24 |
FireEye | Generic.mg.9437c89a5f9a51a4 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win64.Crypt |
Avira | TR/AD.Nekark.neafk |
MAX | malware (ai score=85) |
Antiy-AVL | Trojan[PSW]/Win32.Rhadamanthys |
Kingsoft | Win32.Troj.Unknown.a |
Microsoft | Trojan:Win64/Rhadamanthys.GXZ!MTB |
ZoneAlarm | Trojan.Win64.Kryplod.bwpd |
GData | Trojan.Generic.35325343 |
Varist | W64/ABRisk.LBWU-9141 |
AhnLab-V3 | Trojan/Win.Malware-gen.R637934 |
DeepInstinct | MALICIOUS |
Malwarebytes | Spyware.PasswordStealer |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | TROJ_FRS.0NA104CC24 |
Tencent | Malware.Win32.Gencirc.10bfb819 |
MaxSecure | Trojan.Malware.236628121.susgen |
Fortinet | W32/PossibleThreat |
AVG | Win64:PWSX-gen [Trj] |
CrowdStrike | win/malicious_confidence_100% (W) |
alibabacloud | Trojan:Win/Kryplod.bwpd |