Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 26, 2024, 10:43 a.m.	July 26, 2024, 10:48 a.m.

Size	332.5KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`3fc6176c962e7a70da7cc35fbdaf3fdc`
SHA256	`0fb342f94f359c9f54205a979854b7a3a3910bb7e118f0fc44cead28ebd81f0d`
CRC32	`D37D03E4`
ssdeep	`6144:Ifb2qZR/Ir/fvq7PjtsDMoxyhluYOVI9/j5q2Bfui+tvvvvRtAQ:IT2qZR/ITf6rYrebjS`
PDB Path	I:\RottenPotatoNG\RottenPotatoEXE\x64\Release\MSFRottenPotato.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

RP.exe "C:\Users\test22\AppData\Local\Temp\RP.exe"
184

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

This executable has a PDB path (1 event)

pdb_path

I:\RottenPotatoNG\RottenPotatoEXE\x64\Release\MSFRottenPotato.pdb

Starts servers listening (5 events)

Time & API	Arguments	Status	Return
bind July 26, 2024, 10:43 a.m.	ip_address: 0.0.0.0 socket: 204 port: 6666	1	0
listen July 26, 2024, 10:43 a.m.	socket: 204 backlog: 2147483647	1	0
accept July 26, 2024, 10:43 a.m.	ip_address: socket: 204 port: 0	1	372
accept July 26, 2024, 10:43 a.m.	ip_address: socket: 204 port: 0	1	376
accept July 26, 2024, 10:43 a.m.	ip_address: socket: 204 port: 0	1	412

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.RottenPotato.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Skyhigh	RDN/Generic PUP.z
ALYac	Exploit.RottenPotato.A
Cylance	Unsafe
VIPRE	Exploit.RottenPotato.A
Sangfor	PUP.Win32.Rottenpotato.Vtxv
K7AntiVirus	Trojan ( 0054919b1 )
BitDefender	Exploit.RottenPotato.A
K7GW	Trojan ( 0054919b1 )
Cybereason	malicious.c962e7
Arcabit	Exploit.RottenPotato.A
Symantec	Hacktool.Rotpotato!g1
ESET-NOD32	a variant of Win64/HackTool.JuicyPotato.D
McAfee	RDN/Generic PUP.z
ClamAV	Win.Tool.Rottenpotato-9822591-0
Kaspersky	HEUR:Trojan.Win32.RottenPotato.a
Alibaba	Trojan:Win32/RottenPotato.0367648b
NANO-Antivirus	Trojan.Win64.RottenPotato.ggktja
MicroWorld-eScan	Exploit.RottenPotato.A
Rising	Trojan.RottenPotato!8.112DE (CLOUD)
Emsisoft	Exploit.RottenPotato.A (B)
F-Secure	Trojan.TR/JuicyPotato.zdeuc
Zillya	Tool.JuicyPotato.Win64.13
TrendMicro	TROJ_GEN.R002C0PH523
McAfeeD	ti!0FB342F94F35
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.3fc6176c962e7a70
Sophos	ATK/RPotato-A
Jiangmin	Trojan.RottenPotato.cd
Webroot	W32.Adware.Gen
Google	Detected
Avira	TR/JuicyPotato.zdeuc
Antiy-AVL	HackTool/Win64.JuicyPotato
Gridinsoft	Trojan.Win64.Downloader.oa!s1
Xcitium	Malware@#2gv803ec2hv58
Microsoft	PUA:Win32/Presenoker
ZoneAlarm	HEUR:Trojan.Win32.RottenPotato.a
GData	Exploit.RottenPotato.A
Varist	W64/JuicyPotato.C.gen!Eldorado
AhnLab-V3	HackTool/Win.RottenPotato.R649243
DeepInstinct	MALICIOUS
VBA32	Trojan.RottenPotato
Malwarebytes	RiskWare.HackTool
Ikarus	Trojan.Win64.Hacktool
Panda	PUP/Hacktool
TrendMicro-HouseCall	TROJ_GEN.R002C0PH523
Tencent	Malware.Win32.Gencirc.11a35b41

RP.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All