Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...
09.21 02:09
66ed7ef071886_crypted....

Latest News
09.22 01:09
03 - Identifying Signs...
09.22 01:09
Hacktivist Group Twelv...
09.22 01:09
Join us at Microsoft I...
09.22 01:09
How comprehensive secu...
09.21 11:09
LinkedIn Halts AI Data...
09.21 11:09
Ukraine Bans Telegram ...
09.21 11:09
Against Elitism
09.21 11:09
5 Best Practices For E...
09.21 10:09
Fälschung enttarnt: De...
09.21 10:09
ChatGPT o1: Revolution...

Summary | ZeroBOX

K1.zip

ZIP Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 23, 2024, 2:53 p.m.	July 23, 2024, 2:56 p.m.

Size	2.8MB
Type	Zip archive data, at least v2.0 to extract
MD5	`eb834c6eb71e2a950f9123b506ab4763`
SHA256	`016b443391531dc4a9bac3127fe82d6149b14ee529ff448de8d60c9868b74602`
CRC32	`0FA99A43`
ssdeep	`49152:lm0aitd+JLyeh79YQ+7svv3ujDg8tozVUaIiArjdaCbkq6CYKW7BSIV0:g0Z+td91IsHCdSz+pifCbkIeBFV0`
Yara	zip_file_format - ZIP file format

Name	Response	Post-Analysis Lookup
tveight8vs.top	A 185.68.93.123	185.68.93.123

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.68.93.123	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 185.68.93.123:80 -> 192.168.56.102:49186	2400030	ET DROP Spamhaus DROP Listed Traffic Inbound group 31	Misc Attack
UDP 192.168.56.102:63709 -> 164.124.101.2:53	2054389	ET MALWARE Cryptbot CnC DGA Domain (eight8)	A Network Trojan was detected
UDP 192.168.56.102:63709 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.102:49186 -> 185.68.93.123:80	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	A Network Trojan was detected
TCP 192.168.56.102:49186 -> 185.68.93.123:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.102:49187 -> 185.68.93.123:80	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	A Network Trojan was detected
TCP 192.168.56.102:49188 -> 185.68.93.123:80	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	A Network Trojan was detected

Suricata TLS

No Suricata TLS

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header

suspicious_request

POST http://tveight8vs.top/v1/upload.php

Performs some HTTP requests (1 event)

request

POST http://tveight8vs.top/v1/upload.php

Sends data using the HTTP POST Method (1 event)

request

POST http://tveight8vs.top/v1/upload.php

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

tveight8vs.top

description

Generic top level domain TLD

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)

NANO-Antivirus	Virus.Win32.Gen.ccmw
DrWeb	Program.Unwanted.5065