Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 2, 2024, 9:47 a.m.	July 2, 2024, 9:49 a.m.

Size	63.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b2e56a7b3dd03c8000e78544f540677d`
SHA256	`b193cf76307f762a9cdf61191cda685377b9a1ce2eba781647a134b5d9add7bd`
CRC32	`0C0D4C66`
ssdeep	`1536:PmImx6tX2kNff4sKu+UYFqVrjAbPAPv0FTTtWrPlTGBx:Pm9x6tmkN7Ku+UYFoAbP40Fn4d6x`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer AsyncRat - AsyncRat Payload Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
wins19junspam.duckdns.org	A 192.169.69.26	192.169.69.26

IP Address	Status	Action
164.124.101.2	Active	Moloch
192.169.69.26	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2042936	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity

Suricata TLS

No Suricata TLS

Connects to a Dynamic DNS Domain (1 event)

domain

wins19junspam.duckdns.org

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.AIDetectMalware.CS
Elastic	Windows.Generic.Threat
CAT-QuickHeal	Backdoor.MsilFC.S14901152
Skyhigh	BehavesLike.Win32.Fareit.km
ALYac	Generic.AsyncRAT.Marte.B.7F02B142
Cylance	Unsafe
VIPRE	Generic.AsyncRAT.Marte.B.7F02B142
Sangfor	Suspicious.Win32.Save.a
BitDefender	Generic.AsyncRAT.Marte.B.7F02B142
Cybereason	malicious.b3dd03
Arcabit	Generic.AsyncRAT.Marte.B.7F02B142
VirIT	Trojan.Win32.MSIL_Heur.B
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/AsyncRAT.A
APEX	Malicious
McAfee	PWS-FCQR!B2E56A7B3DD0
Avast	Win32:DropperX-gen [Drp]
ClamAV	Win.Packed.Razy-9625918-0
Kaspersky	HEUR:Backdoor.MSIL.Crysan.gen
MicroWorld-eScan	Generic.AsyncRAT.Marte.B.7F02B142
Rising	Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft	Generic.AsyncRAT.Marte.B.7F02B142 (B)
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	BackDoor.AsyncRATNET.2
McAfeeD	ti!B193CF76307F
FireEye	Generic.mg.b2e56a7b3dd03c80
Sophos	Troj/AsyncRat-B
Ikarus	Backdoor.AsyncRat
Jiangmin	Trojan.Banker.MSIL.hol
Webroot	W32.Dropper.Gen
Google	Detected
Avira	TR/Dropper.Gen
MAX	malware (ai score=87)
Kingsoft	malware.kb.c.1000
Microsoft	Backdoor:MSIL/AsyncRat.AD!MTB
ZoneAlarm	HEUR:Backdoor.MSIL.Crysan.gen
GData	MSIL.Backdoor.DCRat.D
Varist	W32/Samas.B.gen!Eldorado
AhnLab-V3	Malware/Win32.RL_Generic.C4267562
BitDefenderTheta	Gen:NN.ZemsilF.36808.dm0@aSmk2@h
DeepInstinct	MALICIOUS
VBA32	OScope.Backdoor.MSIL.Crysan
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/GdSda.A
Tencent	Trojan.MSIL.Agent.kr
SentinelOne	Static AI - Malicious PE
MaxSecure	Win.MxResIcn.Heur.Gen
Fortinet	MSIL/Agent.CFQ!tr
AVG	Win32:DropperX-gen [Drp]
CrowdStrike	win/malicious_confidence_100% (D)

25.txt.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All