Summary | ZeroBOX

msoffice.exe

Tags: backdoor, njRAT, PE32, PE File, .NET EXE

Category: FILE
Machine: s1_win7_x6401
Started: March 30, 2024, 1:20 p.m.
Completed: March 30, 2024, 1:22 p.m.
Size 32.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 3629444779e7e4fb9a023cda4f1473c6
SHA256 647b62057e0fce41fd1b3d7f4c99a834da671e36f4c72eb03bec9e7a34b24b35
CRC32 3DEFEDE6
ssdeep 384:I0bUe5XB4e0XIODzw0Q0mS03AWTxtTUFQqzFgObbV:9T9BufY55d2bV
Yara
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win_Backdoor_njRAT_Zero - Win Backdoor njRAT

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
  • 165.227.31.192 - Active - Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 165.227.31.192

Antivirus (Vendor / Detection)
Bkav W32.AIDetectMalware.CS
Lionic Trojan.MSIL.KeyLogger.l!c
Elastic malicious (high confidence)
CAT-QuickHeal Trojan.MsilFC.S20327749
Skyhigh Trojan-FSCY!3629444779E7
ALYac Trojan.GenericKDZ.61581
Cylance unsafe
VIPRE Trojan.GenericKDZ.61581
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
BitDefender Trojan.GenericKDZ.61581
K7GW Trojan ( 700000121 )
Cybereason malicious.d7cd11
Arcabit Trojan.Generic.DF08D
Baidu MSIL.Backdoor.Bladabindi.a
VirIT Backdoor.Win32.BladabindiNET.K
Symantec Backdoor.Ratenjay!gen3
ESET-NOD32 a variant of MSIL/Bladabindi.AZ
APEX Malicious
McAfee Trojan-FSCY!3629444779E7
Avast MSIL:Bladabindi-JK [Trj]
ClamAV Win.Packed.njRAT-7445143-0
Kaspersky HEUR:Trojan-Spy.MSIL.KeyLogger.gen
Alibaba TrojanSpy:MSIL/KeyLogger.eab6f5cd
MicroWorld-eScan Trojan.GenericKDZ.61581
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Emsisoft Trojan.GenericKDZ.61581 (B)
F-Secure Trojan.TR/Dropper.Gen7
DrWeb BackDoor.Bladabindi.16104
Zillya Trojan.Bladabindi.Win32.108400
TrendMicro Trojan.MSIL.BLADABINDI.SMJM06
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.3629444779e7e4fb
Sophos Mal/Bladabi-W
Ikarus Trojan.MSIL.Bladabindi
Jiangmin Trojan.MSIL.oetu
Google Detected
Avira TR/Dropper.Gen7
MAX malware (ai score=100)
Antiy-AVL Trojan/MSIL.Crypt
Gridinsoft Backdoor.Win32.Gen.oa!s1
Xcitium TrojWare.MSIL.Bladabindi.BGS@7lngf6
Microsoft Trojan:MSIL/Bladabindi
ZoneAlarm HEUR:Trojan-Spy.MSIL.KeyLogger.gen
GData MSIL.Backdoor.Bladabindi.AV
Varist W32/Razy.DC.gen!Eldorado
AhnLab-V3 Trojan/Win32.SpyGate.R292993
BitDefenderTheta Gen:NN.ZemsilF.36744.cm0@a0BtCSp
TACHYON Backdoor/W32.DN-NjRat.32768.V
DeepInstinct MALICIOUS