Summary | ZeroBOX

SCM_1.exe

PE64 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: July 9, 2024, 9:53 a.m.
Completed: July 9, 2024, 9:57 a.m.
Size: 2.5MB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 00a69916c649b8f347552f045d9529ef
SHA256: 962e9a7e391ed22b6567bc43ea2e2e9e8e8750601562a8356ffcb15c649a3ca0
CRC32: F9295760
ssdeep: 49152:MBeicQuxzs62GFUQsRALUKbtr4y8X2GcIqHwE2:MBeXxYAcAL5r4y8XqwE
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

IP Address Status Action
164.124.101.2 Active Moloch
51.222.106.253 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2033268 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) Potential Corporate Privacy Violation
TCP 192.168.56.103:49164 -> 51.222.106.253:10300 2024792 ET POLICY Cryptocurrency Miner Checkin Potential Corporate Privacy Violation
TCP 192.168.56.103:49164 -> 51.222.106.253:10300 2024792 ET POLICY Cryptocurrency Miner Checkin Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

section .00cfg
Bkav W64.AIDetectMalware
Elastic Windows.Generic.Threat
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.CoinMiner.S32378657
Skyhigh BehavesLike.Win64.Generic.vh
ALYac Gen:Variant.Tedy.507405
Cylance Unsafe
VIPRE Gen:Variant.Tedy.507405
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005af85d1 )
BitDefender Gen:Variant.Tedy.507405
K7GW Trojan ( 005af85d1 )
Cybereason malicious.6c649b
Arcabit Trojan.Tedy.D7BE0D
Symantec Trojan.Coinminer!g3
ESET-NOD32 a variant of Win64/Kryptik.EDF
APEX Malicious
McAfee Kryptik-FVKL!00A69916C649
Avast Win64:Evo-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Agent.pef
MicroWorld-eScan Gen:Variant.Tedy.507405
Rising Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Emsisoft Gen:Variant.Tedy.507405 (B)
F-Secure Heuristic.HEUR/AGEN.1371803
McAfeeD ti!962E9A7E391E
FireEye Gen:Variant.Tedy.507405
Sophos Troj/Krypt-ADL
Ikarus Trojan.Win64.Krypt
Jiangmin Trojan.Reflo.oc
Google Detected
Avira HEUR/AGEN.1371803
Antiy-AVL Trojan/Win64.GenKryptik
Kingsoft malware.kb.a.1000
Microsoft Trojan:Win64/CoinMiner!pz
ZoneAlarm HEUR:Trojan.Win32.Agent.pef
GData Gen:Variant.Tedy.507405
Varist W64/Kryptik.LEH.gen!Eldorado
AhnLab-V3 Dropper/Win.DropperX-gen.R622355
DeepInstinct MALICIOUS
VBA32 OScope.Trojan.Win64.Miner
Malwarebytes Trojan.MalPack.Generic
Tencent Trojan.Win64.Reflo.kb
MAX malware (ai score=88)
Fortinet W64/GenKryptik.GQCB!tr
AVG Win64:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_70% (D)