Summary | ZeroBOX

crowdstrike-hotfix.zip

ZIP Format
Category Machine Started Completed
FILE s1_win7_x6402 July 20, 2024, 8:25 p.m. July 20, 2024, 8:28 p.m.
Size 3.9MB
Type Zip archive data, at least v2.0 to extract
MD5 1e84736efce206dc973acbc16540d3e5
SHA256 c44506fe6e1ede5a104008755abf5b6ace51f1a84ad656a2dccc7f2c39c0eca2
CRC32 5042BB25
ssdeep 98304:D7FFh0ObjLP706bh7a5Keyv0X5kWgrYhpz9mMZyz:DXf/bhYaYkFshpz9/yz
Yara
  • zip_file_format - ZIP file format

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
213.5.130.58 Active Moloch
211.195.221.11 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49169 -> 213.5.130.58:443 2036594 ET JA3 Hash - Remcos 3.x/4.x TLS Connection Malware Command and Control Activity Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.102:49169 -> 213.5.130.58:443 None None None

NANO-Antivirus Virus.Win32.Gen.ccmw
DrWeb Program.Unwanted.5405
Gridinsoft Trojan.U.Remcos.tr
Microsoft Trojan:Script/Wacatac.H!ml
Yandex Trojan.Penguish!TSEJtDi4xGw
MaxSecure Trojan.Malware.300983.susgen
host 213.5.130.58
host 211.195.221.11