Summary | ZeroBOX

mm2.exe

Tags: Malicious Packer, UPX, Anti_VM, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: May 3, 2024, 7:39 a.m.
Completed: May 3, 2024, 7:48 a.m.
Size 15.2MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 497d88a78d010a02672474e9cf67b5ff
SHA256 9126063b52d65731ff36f9f9eff80eaf9061e4252c47f1e425d0f4a70ced47d0
CRC32 C7F10A17
ssdeep 196608:HXfkkr/fY2/BIwEGnVKLfdGzhVYS70CZf:PzfDSwVKVS70CR
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file

DNS (Name, Response, Post-Analysis Lookup)
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch
167.71.205.181 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow Version Issuer Subject Fingerprint
192.168.56.103:49161 -> 167.71.205.181:5443 TLS 1.3 None None None

The empty Issuer/Subject/Fingerprint columns are expected for a TLS 1.3 session, not a logging gap: the server Certificate message is sent encrypted after the handshake keys are derived, so passive inspection cannot recover it. Pivot on the destination 167.71.205.181:5443 and the JA3/JA4 fingerprint of the client hello rather than on certificate fields.

Behaviour signatures (columns: Time & API, Arguments, Status, Return, Repeated)

IsDebuggerPresent
  arguments: none
  return: 0   repeated: 0

section .symtab

GetAdaptersAddresses
  flags: 16 (GAA_FLAG_INCLUDE_PREFIX)
  family: 0 (AF_UNSPEC, all address families)
  status: 1   return: 0   repeated: 0

host 167.71.205.181

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefe467a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000776c0000
  return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)   repeated: 0

wine_get_version is an export that exists only in Wine's ntdll; resolving it is a common "am I running under Wine?" probe, and the STATUS_ENTRYPOINT_NOT_FOUND result tells the sample it is on a real Windows build. Together with IsDebuggerPresent this is what the anti_vm_detect Yara hit and the Anti_VM tag are reporting.
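As an added example (not part of the ZeroBOX report or of the sample), the script below applies the reading above to an API-call trace: it normalises the signed return value back to an NTSTATUS, flags the Wine-export probe and the debugger check, and treats adapter enumeration as a weaker fingerprinting signal. The TRACE list is constructed from the three behaviour rows shown on this page; the tag names, the WINE_ONLY_EXPORTS set and the verdict thresholds are this example's own heuristics, not ZeroBOX signatures.

```python
"""Flag anti-analysis indicators in a sandbox API-call trace.

Added example, not part of the ZeroBOX report. TRACE is constructed from the
three API rows the report shows for mm2.exe; the tags and heuristics are ours.
"""
from dataclasses import dataclass, field

# Sandboxes log NTSTATUS codes as signed 32-bit integers; this is the unsigned form.
STATUS_ENTRYPOINT_NOT_FOUND = 0xC0000139

# Exports that exist only in Wine's ntdll. Looking them up is a Wine probe whether
# or not the lookup succeeds (hypothetical set for this example).
WINE_ONLY_EXPORTS = {"wine_get_version", "wine_get_build_id"}


@dataclass
class ApiCall:
    api: str
    args: dict = field(default_factory=dict)
    ret: int = 0


# Constructed from the report's behaviour rows, values as logged there.
TRACE = [
    ApiCall("IsDebuggerPresent", {}, 0),
    ApiCall("GetAdaptersAddresses", {"flags": 16, "family": 0}, 0),
    ApiCall("LdrGetProcedureAddress",
            {"ordinal": 0, "function_name": "wine_get_version", "module": "ntdll"},
            -1073741511),
]


def to_ntstatus(ret: int) -> int:
    """Normalise a signed 32-bit return value to its unsigned NTSTATUS form."""
    return ret & 0xFFFFFFFF


def analyse(trace: list) -> list:
    """Return (tag, detail) findings for anti-debug, anti-VM and fingerprinting calls."""
    findings = []
    for call in trace:
        if call.api == "IsDebuggerPresent":
            findings.append(("anti-debug", f"IsDebuggerPresent returned {call.ret}"))
        elif (call.api in ("LdrGetProcedureAddress", "GetProcAddress")
              and call.args.get("function_name") in WINE_ONLY_EXPORTS):
            # The probe itself is the indicator; the status only says what it learned.
            in_wine = to_ntstatus(call.ret) != STATUS_ENTRYPOINT_NOT_FOUND
            outcome = ("export present, running under Wine" if in_wine
                       else "STATUS_ENTRYPOINT_NOT_FOUND, not Wine")
            findings.append(("anti-vm",
                             f"probed {call.args.get('module')}!"
                             f"{call.args['function_name']}: {outcome}"))
        elif call.api == "GetAdaptersAddresses":
            # Adapter enumeration exposes MAC OUIs (a common VM-vendor check) but is
            # also ordinary host-survey behaviour, so it is only a weak signal.
            findings.append(("fingerprint",
                             f"GetAdaptersAddresses(flags={call.args.get('flags')}, "
                             f"family={call.args.get('family')})"))
    return findings


def verdict(findings: list) -> str:
    """Collapse findings into a one-word triage label (example thresholds)."""
    tags = {tag for tag, _ in findings}
    if {"anti-debug", "anti-vm"} <= tags:
        return "evasive"
    if tags & {"anti-debug", "anti-vm"}:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    results = analyse(TRACE)
    for tag, detail in results:
        print(f"[{tag}] {detail}")
    print("verdict:", verdict(results))
```

Run against the constructed trace it reports the debugger check, the adapter enumeration and the failed Wine probe, and labels the sample evasive; feeding it a real Cuckoo/ZeroBOX JSON export only requires mapping each call's `api`, `arguments` and `return` fields onto `ApiCall`.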
Antivirus Result
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Sliver.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Sliver.wh
ALYac DeepScan:Generic.Sliver.Marte.E.6B4797EE
Cylance unsafe
VIPRE DeepScan:Generic.Sliver.Marte.E.6B4797EE
Sangfor HackTool.Win32.Sliver_Implant_64bit.uwccg
BitDefender DeepScan:Generic.Sliver.Marte.E.6B4797EE
K7GW Trojan ( 0059f2e01 )
K7AntiVirus Trojan ( 0059f2e01 )
Arcabit DeepScan:Generic.Sliver.Marte.E.6B4797EE
VirIT Trojan.Win64.Genus.GOJ
Symantec ML.Attribute.HighConfidence
Elastic Multi.Trojan.Sliver
ESET-NOD32 a variant of WinGo/Agent.LO
APEX Malicious
McAfee Artemis!497D88A78D01
Avast Win64:MalwareX-gen [Trj]
ClamAV Win.File.Sliver-9942542-0
Kaspersky HEUR:Trojan.Multi.MalGO.gen
Alibaba Trojan:Win32/Sliver.dd180215
MicroWorld-eScan DeepScan:Generic.Sliver.Marte.E.6B4797EE
Emsisoft DeepScan:Generic.Sliver.Marte.E.6B4797EE (B)
F-Secure Hack-Tool:W32/SBeacon.A
Zillya Trojan.Agent.Win32.3888125
TrendMicro Backdoor.Win64.SILVER.SMYXCFWAZ
FireEye DeepScan:Generic.Sliver.Marte.E.6B4797EE
Sophos ATK/Sliver-B
Ikarus Trojan.WinGo.Shellcoderunner
Google Detected
Avira HEUR/AGEN.1366847
MAX malware (ai score=89)
Antiy-AVL Trojan/Multi.MalGO
Kingsoft Win32.Troj.Unknown.a
Microsoft VirTool:Win32/Sliver.D!MTB
ZoneAlarm HEUR:Trojan.Multi.MalGO.gen
GData DeepScan:Generic.Sliver.Marte.E.6B4797EE
DeepInstinct MALICIOUS
Malwarebytes Trojan.Sliver
Tencent Win32.Trojan.Malgo.Bkjl
SentinelOne Static AI - Malicious PE
Fortinet W32/Agent.LO!tr
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml