Summary | ZeroBOX

123p.exe

Tags: PE64, PE File

Category   Machine         Started                    Completed
FILE       s1_win7_x6401   June 3, 2024, 9:34 a.m.    June 3, 2024, 9:40 a.m.
Size 10.9MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 d43ac79abe604caffefe6313617079a3
SHA256 8b750884259dd004300a84505be782d05fca2e487a66484765a4a1e357b7c399
CRC32 A4FC4001
ssdeep 196608:SYvZvPF60956XHt6+YF+ELzL2Zjbn2YH0oD6DGcCwHbGkG:3Fcw5kHo5F+E+j7260oOYc
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name                 Response          Post-Analysis Lookup
pool.hashvault.pro   131.153.76.130

IP Address        Status   Action
131.153.76.130    Active   Moloch
164.124.101.2     Active   Moloch

Note: 164.124.101.2 is the resolver the guest queried (the destination of the port-53 flow in the Suricata alert below); 131.153.76.130 is the address pool.hashvault.pro resolved to, and the host the sample then contacts on port 443 over TLS 1.3.

Suricata Alerts

Flow                                           SID       Signature                                                            Category
UDP 192.168.56.101:53004 -> 164.124.101.2:53   2036289   ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)   Crypto Currency Mining Activity Detected
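The alert above is a DNS-name match done by Suricata in flight. As an added example, not part of the ZeroBOX report or of the ET ruleset, the same check run offline over Suricata eve.json DNS events, the way a responder would sweep a day of resolver logs after seeing one sandbox hit. The log lines are constructed: the first two mirror the query and the resolution the report shows, the rest are noise, and MINER_POOL_DOMAINS is an illustrative list (hashvault.pro is from the report; the other two are well-known Monero pools), not the content of rule 2036289.

```python
import json

# Domains to match. "hashvault.pro" comes from the alert in the report; the other two are
# well-known Monero pools added here for illustration, not the contents of ET rule 2036289.
MINER_POOL_DOMAINS = {"hashvault.pro", "supportxmr.com", "nanopool.org"}

# Constructed Suricata eve.json DNS events (not a capture from the sandbox run). The first two
# mirror the query and the resolution the report shows (eve v1 answer shape, with "rdata");
# the rest are noise, including a decoy whose inner labels merely contain "hashvault.pro".
SAMPLE_EVE = r'''
{"timestamp":"2024-06-03T09:35:01.000000+0000","event_type":"dns","src_ip":"192.168.56.101","src_port":53004,"dest_ip":"164.124.101.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1,"rrname":"pool.hashvault.pro","rrtype":"A"}}
{"timestamp":"2024-06-03T09:35:01.050000+0000","event_type":"dns","src_ip":"192.168.56.101","src_port":53004,"dest_ip":"164.124.101.2","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":1,"rrname":"pool.hashvault.pro","rrtype":"A","rdata":"131.153.76.130"}}
{"timestamp":"2024-06-03T09:35:02.000000+0000","event_type":"dns","src_ip":"192.168.56.101","src_port":53005,"dest_ip":"164.124.101.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2,"rrname":"www.example.com","rrtype":"A"}}
{"timestamp":"2024-06-03T09:35:03.000000+0000","event_type":"flow","src_ip":"192.168.56.101","dest_ip":"131.153.76.130","proto":"TCP"}
{"timestamp":"2024-06-03T09:35:04.000000+0000","event_type":"dns","src_ip":"192.168.56.101","src_port":53006,"dest_ip":"164.124.101.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3,"rrname":"hashvault.pro.example.net","rrtype":"A"}}
'''


def pool_suffix(rrname, suffixes=MINER_POOL_DOMAINS):
    """Return the matching pool domain if rrname equals it or is a subdomain of it.
    Matching is label-aware, so 'hashvault.pro.example.net' does not match."""
    labels = rrname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in suffixes:
            return candidate
    return None


def find_miner_lookups(eve_lines, suffixes=MINER_POOL_DOMAINS):
    """Scan eve.json lines and return one record per DNS event that names a pool domain."""
    hits = []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                                   # skip truncated or garbled log lines
        if ev.get("event_type") != "dns":
            continue
        dns = ev.get("dns") or {}
        rrname = dns.get("rrname") or ""
        pool = pool_suffix(rrname, suffixes)
        if pool is None:
            continue
        hits.append({
            "timestamp": ev.get("timestamp"),
            "flow": "{} {}:{} -> {}:{}".format(ev.get("proto"), ev.get("src_ip"), ev.get("src_port"),
                                              ev.get("dest_ip"), ev.get("dest_port")),
            "type": dns.get("type"),
            "rrname": rrname,
            "pool": pool,
            "rdata": dns.get("rdata"),                 # present on eve v1 answer events only
        })
    return hits


if __name__ == "__main__":
    for hit in find_miner_lookups(SAMPLE_EVE.splitlines()):
        print(hit)
```

The query hit reproduces the flow tuple in the alert above; the answer hit carries the resolved address, which is worth feeding back into the sweep as an IP indicator, since a miner that caches the pool address (or has it hard-coded) produces no further DNS lookups and shows up only as the direct TLS connection to 131.153.76.130:443 seen later in this report.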

Suricata TLS

Flow                                                   Issuer   Subject   Fingerprint
TLS 1.3  192.168.56.101:49163 -> 131.153.76.130:443    None     None      None

Note: the empty certificate fields are expected for TLS 1.3, where the server's Certificate message is sent encrypted, so a passive sensor cannot log issuer, subject or fingerprint; their absence is not evidence that the pool presented no certificate.

PE sections
  .00cfg
  .text0
  .text1
  .text2

Section entropy
  .text2   virtual_address 0x00f7c000   virtual_size 0x00adc3fc   size_of_data 0x00adc400   entropy 7.9773
  description: A section with a high entropy has been found
  (Shannon entropy, maximum 8.0 bits/byte; at 0xadc400 bytes .text2 accounts for essentially the whole 10.9MB file)

Overall entropy
  0.9987   description: Overall entropy of this PE file is high
  Note: this second figure is not a Shannon entropy. In the Cuckoo-derived packer_entropy check, a section counts as high-entropy above 6.8 bits/byte and the reported value is the fraction of section data held in such sections (0.2 triggers the alert); here 99.87% of the file is high-entropy data, consistent with the VMProtect packing that several engines name below.
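The two entropy verdicts above come from a per-section Shannon entropy and a packed-data ratio. As an added example, not code from ZeroBOX or Cuckoo, the following reproduces that check from scratch: a minimal PE section-table parser, the entropy calculation, and the two thresholds as assumed above (6.8 bits/byte per section, 0.2 for the overall ratio). It runs on a constructed PE32+ image built inline (a repetitive .text0 and a PRNG-filled .text2 standing in for packed code); the `pe_sections`, `packer_entropy_check` and `build_sample_pe` names are this example's own.

```python
import math
import random
import struct
from collections import Counter

SECTION_THRESHOLD = 6.8   # bits/byte; per-section cutoff assumed from the Cuckoo packer_entropy check
RATIO_THRESHOLD = 0.2     # share of section data in high-entropy sections that raises the overall alert


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Parse just enough of a PE image (DOS stub -> PE signature -> COFF header ->
    section table) to return each section's metadata and the entropy of its raw data."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    magic = struct.unpack_from("<H", image, e_lfanew + 24)[0]   # 0x10B = PE32, 0x20B = PE32+
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        off = table + 40 * i                                     # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(image):
            raise ValueError("section table runs past end of file")
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", image, off)
        data = image[rawptr:rawptr + rawsize]                    # a truncated file just yields less data
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "characteristics": chars,
            "entropy": shannon_entropy(data),
        })
    return {"machine": machine, "magic": magic, "sections": sections}


def packer_entropy_check(sections):
    """Reproduce the report's two verdicts: flag sections above SECTION_THRESHOLD,
    then report the fraction of section data that lives in flagged sections."""
    total = sum(s["size_of_data"] for s in sections)
    flagged = [s for s in sections if s["entropy"] > SECTION_THRESHOLD]
    packed = sum(s["size_of_data"] for s in flagged)
    ratio = packed / total if total else 0.0
    return {
        "flagged_sections": [s["name"] for s in flagged],
        "packed_ratio": ratio,
        "overall_high": ratio > RATIO_THRESHOLD,
    }


def build_sample_pe():
    """Constructed PE32+ image (not 123p.exe): .text0 holds a repeating 16-byte pattern
    (entropy exactly 4.0); .text2 holds 64 KiB from a seeded PRNG, standing in for packed
    code. Only the header fields the parser reads are populated."""
    rng = random.Random(1)
    sections = [
        (b".text0", bytes(range(16)) * 256),
        (b".text2", bytes(rng.getrandbits(8) for _ in range(65536))),
    ]
    headers_size, e_lfanew, opt_size = 0x200, 0x80, 240
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                        # PE32+ magic
    table, raw_ptr, va = b"", headers_size, 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                             len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)   # CODE|EXECUTE|READ
        raw_ptr += len(data)
        va += (len(data) + 0xFFF) & ~0xFFF
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)
    image += b"\0" * (headers_size - len(image))
    for _, data in sections:
        image += data
    return bytes(image)


if __name__ == "__main__":
    info = pe_sections(build_sample_pe())
    for s in info["sections"]:
        print(f'{s["name"]:8} va=0x{s["virtual_address"]:08x} size=0x{s["size_of_data"]:08x} '
              f'entropy={s["entropy"]:.4f}')
    print(packer_entropy_check(info["sections"]))
```

To run it on a real sample, pass `open(path, "rb").read()` to `pe_sections`; the per-section figure is the same Shannon entropy over raw section bytes that the report shows for .text2, so the two numbers should agree. Entropy is a hint, not a verdict: legitimate installers and signed binaries with compressed resources also trip it, which is why the report pairs it with the packer identification from the engines below.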
Engine Detection
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Staser.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Staser
Skyhigh BehavesLike.Win64.Generic.vc
ALYac Trojan.GenericKD.72613065
Cylance Unsafe
VIPRE Trojan.GenericKD.72613065
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0059f3491 )
BitDefender Trojan.GenericKD.72613065
K7GW Trojan ( 0059f3491 )
Arcabit Trojan.Generic.D453FCC9
VirIT Trojan.Win64.Agent.GRP
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/Packed.VMProtect.X suspicious
APEX Malicious
McAfee Artemis!D43AC79ABE60
Avast Win64:Evo-gen [Trj]
Kaspersky Trojan.Win32.Staser.evrq
Alibaba Packed:Win64/VMProtect.151e49ca
NANO-Antivirus Trojan.Win64.Staser.kmtwug
MicroWorld-eScan Trojan.GenericKD.72613065
Rising Trojan.Miner!8.EA1 (TFE:5:9RmvBkWOb3U)
Emsisoft Trojan.GenericKD.72613065 (B)
F-Secure Trojan.TR/Staser.ykqao
DrWeb Trojan.Siggen28.42604
Zillya Trojan.Staser.Win32.14202
TrendMicro Trojan.Win64.PRIVATELOADER.YXEEBZ
McAfeeD Real Protect-LS!D43AC79ABE60
FireEye Generic.mg.d43ac79abe604caf
Sophos Mal/Generic-S
Ikarus PUA.VMProtect
Jiangmin Trojan.Staser.qqa
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Staser.ykqao
MAX malware (ai score=87)
Antiy-AVL Trojan[Packed]/Win64.VMProtect
Kingsoft Win32.Trojan.Staser.evrq
Microsoft Trojan:Win64/Coinminer.RB!MTB
ZoneAlarm Trojan.Win32.Staser.evrq
GData Trojan.GenericKD.72613065
Varist W64/ABMiner.BRJJ-9222
AhnLab-V3 Trojan/Win.CoinMiner.R637849
DeepInstinct MALICIOUS
VBA32 Trojan.Miner
Malwarebytes Trojan.MalPack
TrendMicro-HouseCall Trojan.Win64.PRIVATELOADER.YXEEBZ