Summary | ZeroBOX

info.zip

ZIP Format
Category FILE
Machine s1_win7_x6402
Started June 20, 2024, 4:39 p.m.
Completed June 20, 2024, 4:41 p.m.
Size 3.4MB
Type Zip archive data, at least v2.0 to extract
MD5 cbcb58ffe45c202c11bcf2070496aed6
SHA256 7126b9932dc0cdfe751340edfa7c4a14b69262eb1afd0530e6d1fdb2e25986dd
CRC32 59883784
ssdeep 98304:SyrPvG3UNpYqQLpXhHHeanDebmPL+okjWa1lu/:SyrPO3UDsdXp+z8+FWyE
Yara
  • zip_file_format - ZIP file format
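
Both file-type facts the report states for info.zip, the zip_file_format Yara hit and "Zip archive data, at least v2.0 to extract", are read straight out of the ZIP local file headers. The following is an added example, not ZeroBOX code: it walks those headers by hand, reports the version each member needs, and derives the same "at least vX.Y" verdict that file(1) prints. The archive it inspects is a constructed two-member stand-in built in memory, not the real info.zip, and it stops rather than guesses when it meets a streamed archive whose sizes live in a trailing data descriptor.

```python
import io
import struct
import zipfile

# Added example (not ZeroBOX code). Local file header layout from the ZIP APPNOTE:
# signature, version needed, flags, method, mod time, mod date, CRC-32,
# compressed size, uncompressed size, file name length, extra field length.
LOCAL_SIG = b"PK\x03\x04"
LOCAL_FMT = "<4sHHHHHIIIHH"
LOCAL_LEN = struct.calcsize(LOCAL_FMT)  # 30 bytes
FLAG_DATA_DESCRIPTOR = 0x0008
FLAG_UTF8 = 0x0800


def is_zip(data: bytes) -> bool:
    """Magic check equivalent to the zip_file_format Yara match: local header signature at offset 0."""
    return data[:4] == LOCAL_SIG


def walk_local_headers(data: bytes):
    """Yield one dict per local file header, in archive order."""
    off = 0
    while data[off:off + 4] == LOCAL_SIG:
        (_sig, ver, flags, method, _mtime, _mdate, crc, csize, usize,
         nlen, xlen) = struct.unpack_from(LOCAL_FMT, data, off)
        raw_name = data[off + LOCAL_LEN: off + LOCAL_LEN + nlen]
        name = raw_name.decode("utf-8" if flags & FLAG_UTF8 else "cp437")
        yield {"name": name, "version_needed": ver, "method": method,
               "crc32": crc, "compressed": csize, "uncompressed": usize}
        if flags & FLAG_DATA_DESCRIPTOR and csize == 0:
            # Streamed archive: the sizes are in a data descriptor after the data,
            # so the next header cannot be located from this one. Stop, do not guess.
            break
        off += LOCAL_LEN + nlen + xlen + csize


def version_needed(data: bytes):
    """'At least vX.Y to extract' as file(1) reports it: the highest version any member needs."""
    versions = [h["version_needed"] for h in walk_local_headers(data)]
    if not versions:
        return None
    v = max(versions)
    return f"v{v // 10}.{v % 10}"


def build_sample_zip() -> bytes:
    """Constructed stand-in for info.zip: two harmless members, one deflated, one stored."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.vbs", "' constructed placeholder, not the real dropper\r\n",
                    compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("b.txt", "constructed placeholder", compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    print("zip magic present:", is_zip(sample))
    for header in walk_local_headers(sample):
        print(header)
    print("needs", version_needed(sample), "to extract")
```

Deflate and stored members both carry version 20 in the header, which is why a plain archive reports "at least v2.0"; a ZIP64, bzip2 or LZMA member would push the figure to 4.5, 4.6 or 6.3 respectively, so a higher value than expected on a small archive is itself worth a look.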

Name              Response       Post-Analysis Lookup
stafftest.ru
www.testswork.ru  82.97.240.167

IP Address     Status  Action
164.124.101.2  Active  Moloch
82.97.240.167  Active  Moloch

Suricata Alerts

Flow       TCP 192.168.56.102:49167 -> 82.97.240.167:80
SID        2019714
Signature  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Category   Potentially Bad Traffic

Suricata TLS

No Suricata TLS

request  GET http://www.testswork.ru/tmp2.exe
domain   www.testswork.ru  description  Russian Federation domain TLD
domain   stafftest.ru      description  Russian Federation domain TLD
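
The Suricata alert (SID 2019714) fired on the single request above: a bare GET for a short alphanumeric file name ending in .exe. The following is an added example, not ZeroBOX output and not the Emerging Threats rule body, which is not reproduced here: it applies that same heuristic to a few constructed HTTP log lines in a simple "src dst method url" layout. The first line mirrors the flow and URL from this report; the others are filler for the negative cases, and the "up to eight alphanumerics" threshold is an assumption, not the rule's actual pattern.

```python
import re
from urllib.parse import urlsplit

# Added example (not ZeroBOX or Emerging Threats code). Constructed log lines in
# "src dst method url" form; the first mirrors the flow and request in the report.
SAMPLE_HTTP_LOG = """\
192.168.56.102:49167 82.97.240.167:80 GET http://www.testswork.ru/tmp2.exe
192.168.56.102:49170 198.51.100.7:80 GET http://files.example.net/downloads/Installer-Setup-3.2.1.exe
192.168.56.102:49171 198.51.100.7:80 GET http://files.example.net/index.html
192.168.56.102:49172 82.97.240.167:80 POST http://www.testswork.ru/gate.php
"""

# Assumed threshold: a bare name of 1-8 letters/digits plus ".exe" counts as "terse".
TERSE_EXE = re.compile(r"^[a-z0-9]{1,8}\.exe$", re.IGNORECASE)


def is_terse_exe(path: str) -> bool:
    """True when the last path segment is a short, purely alphanumeric name ending in .exe."""
    basename = path.rsplit("/", 1)[-1]
    return bool(TERSE_EXE.match(basename))


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields; the URL keeps its host and path separately."""
    src, dst, method, url = line.split(maxsplit=3)
    parts = urlsplit(url)
    return {"src": src, "dst": dst, "method": method.upper(),
            "host": parts.hostname or "", "path": parts.path or "/"}


def find_terse_exe_downloads(log: str) -> list:
    """Return every GET whose path matches the terse-executable heuristic."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["method"] == "GET" and is_terse_exe(rec["path"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_terse_exe_downloads(SAMPLE_HTTP_LOG):
        print(f"{hit['src']} -> {hit['dst']}  GET http://{hit['host']}{hit['path']}")
```

The heuristic is deliberately narrow: a product installer with a long hyphenated name does not trip it, while tmp2.exe does. It is a triage filter, not a verdict, so pair each hit with the DNS answer for the host (here www.testswork.ru resolved to 82.97.240.167, the same address the flow went to) and with the hash of whatever came back.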
Engine                Detection
Lionic                Trojan.ZIP.Agent.4!c
Elastic               malicious (high confidence)
Cynet                 Malicious (score: 99)
CAT-QuickHeal         Trojan.CoinMiner
Skyhigh               VBS/Downloader.bk
ALYac                 Trojan.Downloader.VBS.Agent
Malwarebytes          Generic.Malware.AI.DDS
VIPRE                 Trojan.Agent.CUGN
Sangfor               CoinMiner.Win32.PhotoMiner.IOC
K7AntiVirus           Trojan ( 004da88f1 )
BitDefender           Trojan.Agent.CUGN
K7GW                  Trojan ( 004da88f1 )
Baidu                 Multi.Threats.InArchive
Symantec              SecurityRisk.gen1
ESET-NOD32            multiple detections
TrendMicro-HouseCall  WORM_COINMINER.QA
McAfee                Trojan-CoinMiner
Avast                 Script:SNH-gen [Trj]
ClamAV                Win.Trojan.Coinminer-6622864-0
Kaspersky             Trojan.NSIS.Agent.pf
Alibaba               Trojan:Win32/CoinMiner.ali1002002
NANO-Antivirus        Trojan.Win32.BitCoinMiner.ddjqfi
MicroWorld-eScan      Trojan.Agent.CUGN
Rising                Downloader.Agent/VBS!1.CB16 (CLASSIC)
Emsisoft              Trojan.Agent.CUGN (B)
F-Secure              Trojan.TR/BitCoinMiner.fra
DrWeb                 Trojan.BtcMine.1393
Zillya                Adware.Solimba.Win32.3282
TrendMicro            WORM_COINMINER.QA
FireEye               Trojan.Agent.CUGN
Sophos                Mal/Miner-C
Ikarus                Trojan-PSW.Win32.Tepfer
Jiangmin              TrojanDownloader.VBS.tm
Google                Detected
Avira                 TR/Dropper.Gen
Antiy-AVL             Trojan[Downloader]/VBS.Agent
Kingsoft              Win32.Troj.Undef.a
Gridinsoft            Malware.U.Agent.cc
Xcitium               Malware@#3sedq8onoin2s
Arcabit               Trojan.Agent.CUGN
ViRobot               Dropper.S.BitCoinMiner.3552168
ZoneAlarm             Trojan.NSIS.Agent.pf
GData                 Win32.Riskware.CoinMiner.DQ (2x)
Varist                W32/Coinminer.HM.gen!Eldorado
AhnLab-V3             Trojan/Win32.CoinMiner.R174018
BitDefenderTheta      AI:Packer.129981981F
DeepInstinct          MALICIOUS
VBA32                 Trojan.Agent
Tencent               Nsis.Trojan.Agent.Jqil
Yandex                Trojan.Igent.bVl1Gm.41