Summary | ZeroBOX

win.exe

Generic Malware Malicious Library Antivirus UPX Malicious Packer ftp OS Processor Check PE32 PE File
Category FILE
Machine s1_win7_x6401
Started July 8, 2024, 9:49 a.m.
Completed July 8, 2024, 9:51 a.m.
Size 7.6MB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5 f0e6f9c7b9ddc461c6929d4765a15eaa
SHA256 1dd95abfe38b356715b6c82c9163f67b155c4931a556c1347fa8c5576d1e8bc3
CRC32 9260DC74
ssdeep 98304:MSLd7sR4eOzi3hJ7tzNhN8iHiYCFwwxRvfW:pwz3rhRhdIZb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • ftp_command - ftp command
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address 82.157.80.216
Status Active
Action Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: 2024/07/08 09:49:18 Forking
  console_handle: 0x0000000b
  Status 1, Return 1, Repeated 0
section .symtab
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW
  system_name: (empty)
  privilege_name: SeDebugPrivilege
  Status 1, Return 1, Repeated 0
cmdline whoami
host 82.157.80.216
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0018fe29
  function_name: wine_get_version
  module: ntdll
  module_address: 0x76f10000
  Return 3221225785 (NTSTATUS 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND: the export does not exist in a real ntdll, so the sample is not running under Wine), Repeated 0

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x0018fe29
  function_name: wine_get_version
  module: ntdll
  module_address: 0x76f10000
  Return 3221225785 (NTSTATUS 0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND), Repeated 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.ClipBanker.tscz
Elastic malicious (high confidence)
ALYac Generic.Application.Revhell.Marte.A.3F1A948D
Cylance Unsafe
VIPRE Generic.Application.Revhell.Marte.A.3F1A948D
Sangfor Hacktool.Win64.Reversessh.Vu10
BitDefender Generic.Application.Revhell.Marte.A.3F1A948D
Cybereason malicious.7b9ddc
Arcabit Generic.Application.Revhell.Marte.A.3F1A948D
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/HackTool.ReverseSsh.A
McAfee Artemis!F0E6F9C7B9DD
Avast FileRepMalware [Misc]
Kaspersky HEUR:HackTool.Win64.ReverseSSH.gen
Alibaba HackTool:Win64/SuperShell.5db1feac
MicroWorld-eScan Generic.Application.Revhell.Marte.A.3F1A948D
Rising HackTool.ReverseSSH!1.EA42 (CLASSIC)
Emsisoft Generic.Application.Revhell.Marte.A.3F1A948D (B)
McAfeeD ti!1DD95ABFE38B
FireEye Generic.Application.Revhell.Marte.A.3F1A948D
Sophos Generic Reputation PUA (PUA)
Ikarus Trojan.WinGo.Hacktool
Webroot W32.HackTool.Gen
MAX malware (ai score=86)
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Hack.Win32.Patcher.sa
Microsoft VirTool:Win64/SuperShell.A
ZoneAlarm HEUR:HackTool.Win64.ReverseSSH.gen
GData Generic.Application.Revhell.Marte.A.3F1A948D
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4286753950
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R002H0DG724
Tencent Win64.Hacktool.Reversessh.Ymhl
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Adware/ReverseSsh
AVG FileRepMalware [Misc]
Paloalto generic.ml
alibabacloud Backdoor:Multi/Supershell