Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 27, 2024, 10:06 a.m. | June 27, 2024, 10:11 a.m. |
Process | Command line | PID |
---|---|---|
vi.exe | "C:\Users\test22\AppData\Local\Temp\vi.exe" | 808 |
Name | Response | Post-Analysis Lookup |
---|---|---|
ndearn.xyz | 76.223.67.189 | |
steamcommunity.com | 104.76.78.101 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49166 -> 104.76.78.101:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49161 -> 76.223.67.189:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49163 -> 76.223.67.189:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49166 -> 104.76.78.101:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com | 10:20:2b:ee:30:69:cc:b6:ac:5e:47:04:71:ca:b0:75:78:51:58:f5 |
suspicious_features | GET method with no useragent header |
suspicious_request | GET https://steamcommunity.com/profiles/76561199662282318 |
request | GET https://steamcommunity.com/profiles/76561199662282318 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
process | vi.exe | useragent | Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6 |
process | vi.exe | useragent | |
process | vi.exe | useragent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 |
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Vidar.i!c |
Elastic | Windows.Generic.Threat |
Cynet | Malicious (score: 99) |
Skyhigh | Artemis!Trojan |
ALYac | Trojan.PSW.Vidar |
Cylance | Unsafe |
VIPRE | Gen:Variant.Zusy.536758 |
Alibaba | Trojan:Win32/StealC.18308105 |
Cybereason | malicious.92bab8 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Vidar.A |
APEX | Malicious |
McAfee | Artemis!BAA9E1A92BAB |
Paloalto | generic.ml |
ClamAV | Win.Malware.Trojanx-10020177-0 |
Kaspersky | Trojan-PSW.Win32.Stealerc.lfc |
BitDefender | Gen:Variant.Zusy.536758 |
MicroWorld-eScan | Gen:Variant.Zusy.536758 |
Rising | Stealer.Agent!8.C2 (TFE:2:DQwxTsXk3kJ) |
Emsisoft | Gen:Variant.Zusy.536758 (B) |
F-Secure | Trojan.TR/AVI.vidar.vkkfn |
DrWeb | Trojan.PWS.Steam.37379 |
TrendMicro | TrojanSpy.Win32.VIDAR.YXEFZZ |
McAfeeD | Real Protect-LS!BAA9E1A92BAB |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.baa9e1a92bab8527 |
Sophos | Troj/Stealc-AAB |
Ikarus | Trojan.Win32.Vidar |
Webroot | W32.ConvaGent |
Avira | TR/AVI.vidar.vkkfn |
MAX | malware (ai score=86) |
Antiy-AVL | Trojan[PSW]/Win32.StealerC |
Kingsoft | Win32.Trojan-PSW.Stealerc.lfc |
Gridinsoft | Spy.Win32.Vidar.tr |
Arcabit | Trojan.Zusy.D830B6 |
ViRobot | Trojan.Win.Z.Zusy.210432 |
ZoneAlarm | Trojan-PSW.Win32.Stealerc.lfc |
GData | Gen:Variant.Zusy.536758 |
Varist | W32/ABTrojan.GFVJ-3509 |
AhnLab-V3 | Trojan/Win.Generic.R651657 |
BitDefenderTheta | AI:Packer.3A35A2FB1F |
DeepInstinct | MALICIOUS |
VBA32 | BScope.TrojanPSW.Mars |
Malwarebytes | Malware.AI.111572029 |
TrendMicro-HouseCall | TrojanSpy.Win32.VIDAR.YXEFZZ |
SentinelOne | Static AI - Suspicious PE |
Fortinet | W32/Vidar.A!tr |
Panda | Trj/GdSda.A |