Summary | ZeroBOX

cmd.ps1

Category FILE
Machine s1_win7_x6401
Started May 16, 2024, 9:03 a.m.
Completed May 16, 2024, 9:07 a.m.
Size 1.7MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 7801b02953637126c9012fd6e630f790
SHA256 8456cbb869c382a7d7454a2493d571a6d836559c7e406c67a81e29713f14ca5d
CRC32 5B3F54A8
ssdeep 24576:EDNMN0Jj/ayV7yLInjprq+JFp2DeIhjBX1tL:qqsTRV7lnjpJLChjJL
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.

IP Address 104.26.13.205
Status Active
Action Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 5894720
registers.r15: 0
registers.rcx: -1
registers.rsi: 2292481
registers.r10: 0
registers.rbx: -10000
registers.rsp: 2292760
registers.r11: 582
registers.r8: 2292800
registers.r9: 2292544
registers.rdx: 0
registers.r12: 2293328
registers.rbp: 2292824
registers.rdi: 4427232
registers.rax: 0
registers.r13: 0
1 0 0
host 104.26.13.205
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Marte.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh Artemis
ALYac Generic.Trojan.Scars.Marte.D.0DA35F00
Cylance unsafe
VIPRE Generic.Trojan.Scars.Marte.D.0DA35F00
Sangfor Trojan.Win32.Save.a
BitDefender Generic.Trojan.Scars.Marte.D.0DA35F00
Arcabit Generic.Trojan.Scars.Marte.D.0DA35F00
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/Agent.SS
McAfee Artemis!7801B0295363
Avast Win64:Evo-gen [Trj]
ClamAV Win.Malware.Scarecrow-10009325-0
Kaspersky HEUR:Trojan.Win64.GoShell.gen
Alibaba Trojan:Win64/GoShell.f77f8275
MicroWorld-eScan Generic.Trojan.Scars.Marte.D.0DA35F00
Emsisoft Generic.Trojan.Scars.Marte.D.0DA35F00 (B)
F-Secure Heuristic.HEUR/AGEN.1370823
FireEye Generic.Trojan.Scars.Marte.D.0DA35F00
Sophos ATK/ScareCrow-A
Ikarus Trojan.WinGo.Agent
Google Detected
Avira HEUR/AGEN.1370823
MAX malware (ai score=86)
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win64/CobaltStrike.AMBG!MTB
ZoneAlarm HEUR:Trojan.Win64.GoShell.gen
GData Generic.Trojan.Scars.Marte.D.0DA35F00
Varist W64/Marte.C.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.R606188
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Tencent Trojan.Win64.GoShell.hb
SentinelOne Static AI - Malicious PE
Fortinet W64/GoDownloader.AQ!tr
AVG Win64:Evo-gen [Trj]
alibabacloud Trojan:Multi/CobaltStrike.AZHW3DGW