Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 26, 2024, 10:39 a.m.	July 26, 2024, 10:51 a.m.

Size	155.5KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`2dd755be5842e71b304d2fbff93eb2a3`
SHA256	`a4778d50307de4ab13e48de90d72b7c5e19b4f9356a611a9faf95cfda0523c46`
CRC32	`16C1A088`
ssdeep	`3072:OkZ3S+4uT4jKhwkF5FETnXn74/8Q/kV1tZGKbJQ:O6SGTnhwS7KnXnI/KV`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

RoguePotato.exe "C:\Users\test22\AppData\Local\Temp\RoguePotato.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
45.33.6.223	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Communicates with host for which no DNS query was performed (1 event)

host

45.33.6.223

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W64.AIDetectMalware
Lionic	Hacktool.Win32.RoguePotato.3!c
Elastic	Windows.Exploit.FakePipe
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win64.Rootkit.ch
ALYac	Generic.RoguePotato.1.B9308A25
Cylance	Unsafe
VIPRE	Generic.RoguePotato.1.B9308A25
Sangfor	Hacktool.Win64.Roguepotato.V61h
K7AntiVirus	Trojan ( 00566ef31 )
BitDefender	Generic.RoguePotato.1.B9308A25
K7GW	Trojan ( 00566ef31 )
Cybereason	malicious.e5842e
Arcabit	Generic.RoguePotato.1.B9308A25
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/HackTool.RoguePotato.A
McAfee	Artemis!2DD755BE5842
Avast	Win64:HacktoolX-gen [Trj]
Kaspersky	HEUR:HackTool.Win64.RoguePotato.gen
Alibaba	HackTool:Win64/RoguePotato.04d9ad74
MicroWorld-eScan	Generic.RoguePotato.1.B9308A25
Rising	HackTool.RoguePotato!8.11B0C (TFE:5:XEE7jVchXEU)
Emsisoft	Generic.RoguePotato.1.B9308A25 (B)
F-Secure	Trojan.TR/Agent.aauzm
Zillya	Tool.RoguePotato.Win64.1
TrendMicro	TROJ_GEN.R002C0DBC24
McAfeeD	ti!A4778D50307D
FireEye	Generic.mg.2dd755be5842e71b
Sophos	ATK/RPotato-C
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Agent.aauzm
MAX	malware (ai score=100)
Antiy-AVL	GrayWare/Win32.Generic
Kingsoft	Win32.Troj.Unknown.a
Xcitium	Malware@#102lv8uzt4o33
Microsoft	VirTool:Win32/RogueP.B!MTB
ZoneAlarm	HEUR:HackTool.Win64.RoguePotato.gen
GData	Generic.RoguePotato.1.B9308A25
Varist	W64/MSIL_Troj.APZ.gen!Eldorado
AhnLab-V3	Malware/Win64.Generic.R372564
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4273214749
Ikarus	Trojan.Win64.Hacktool
Panda	Trj/Agent.ABC
TrendMicro-HouseCall	TROJ_GEN.R002C0DBC24
Tencent	Malware.Win32.Gencirc.11662cf8
Yandex	Riskware.RoguePotato!G4+ry0v7GR8
MaxSecure	Trojan.Malware.1728101.susgen

RoguePotato.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All