Summary | ZeroBOX

Exodus.exe

HelloXD Ransomware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started April 29, 2024, 2:38 p.m.
Completed April 29, 2024, 2:39 p.m.
Size 2.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 3b43da1be0c39802b78f6b2c55c4d7e6
SHA256 00f5cb420d8caf253b67e22714104ce1fb2d75341286c6e3ff31f527e7e5f5eb
CRC32 42BBF47A
ssdeep 49152:tq+bulp7HM3wpNbmZTfpuentlEt4TNBKpjQBHYKiLz01AkC:tq+EZHM3AsZfpuulEt4TNBY0BeU1Ak
Yara
  • HelloXD_Ransomware - HelloXD Ransomware
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

IP Address Status Action
164.124.101.2 Active Moloch
54.37.232.103 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2033268 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) Potential Corporate Privacy Violation

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.101:49163 -> 54.37.232.103:10343 None None None

section .00cfg
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Miner.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Miner.S32361963
Skyhigh BehavesLike.Win64.Trojan.vh
ALYac Trojan.GenericKD.72541409
VIPRE Gen:Variant.Tedy.486310
Sangfor CoinMiner.Win64.Kryptik.Vfkh
BitDefender Trojan.GenericKD.72541409
K7GW Trojan ( 005af85d1 )
K7AntiVirus Trojan ( 005af85d1 )
Arcabit Trojan.Generic.D452E4E1
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Kryptik.EDF
APEX Malicious
Avast Win64:Evo-gen [Trj]
ClamAV Win.Packed.Zusy-10017004-0
Kaspersky HEUR:Trojan.Win32.Miner.pef
Alibaba Trojan:Win64/CoinMiner.42418721
MicroWorld-eScan Trojan.GenericKD.72541409
Rising Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Emsisoft Trojan.GenericKD.72541409 (B)
F-Secure Heuristic.HEUR/AGEN.1371803
DrWeb Trojan.Siggen28.37485
TrendMicro Trojan.Win64.SMOKELOADER.YXEDZZ
FireEye Generic.mg.3b43da1be0c39802
Sophos Troj/Krypt-ADL
Ikarus Trojan.Win64.Krypt
Webroot W32.Coinminer.Gen
Google Detected
Avira HEUR/AGEN.1371803
Antiy-AVL Trojan/Win64.GenKryptik
Kingsoft Win32.Trojan.Miner.pef
Gridinsoft Trojan.Win64.XMRig.tr
Xcitium Malware@#3kmsw4y8kq8u7
Microsoft Trojan:Win64/CoinMiner!pz
ZoneAlarm HEUR:Trojan.Win32.Miner.pef
GData Trojan.GenericKD.72541409
Varist W64/Kryptik.LBJ.gen!Eldorado
AhnLab-V3 Dropper/Win.DropperX-gen.R622355
DeepInstinct MALICIOUS
VBA32 OScope.Trojan.Win64.Miner
Malwarebytes Trojan.MalPack.Generic
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win64.SMOKELOADER.YXEDZZ
Tencent Win32.Trojan.Miner.Kzfl
MAX malware (ai score=82)
Fortinet W64/GenKryptik.GQCB!tr
AVG Win64:Evo-gen [Trj]