Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 5, 2024, 9:25 a.m.	Aug. 5, 2024, 9:27 a.m.

Size	45.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`278d86f7b656fb8b1a901b2eea6fddfa`
SHA256	`50ce164844684892d697f16bc194d82841e4c1b951609d12bc26cab8b028192e`
CRC32	`818A95D4`
ssdeep	`768:huk0VT3ongoWU2Gjimo2qrgKjPGaG6PIyzjbFgX3ivYESIfQlvBDZCx:huk0VT3Q+25KTkDy3bCXSvYkfQlZdCx`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer AsyncRat - AsyncRat Payload Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
6.tcp.ngrok.io	A 3.141.210.37	18.189.106.45

IP Address	Status	Action
164.124.101.2	Active	Moloch
3.141.210.37	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2022642	ET INFO DNS Query to a *.ngrok domain (ngrok.io)	Misc activity

Suricata TLS

No Suricata TLS

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.AsyncRAT.m!c
Elastic	Windows.Generic.Threat
CAT-QuickHeal	Trojan.IgenericFC.S14890850
Skyhigh	BehavesLike.Win32.Fareit.pm
ALYac	Generic.AsyncRAT.Marte.B.0F97FA65
Cylance	Unsafe
VIPRE	Generic.AsyncRAT.Marte.B.0F97FA65
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005678321 )
BitDefender	Generic.AsyncRAT.Marte.B.0F97FA65
K7GW	Trojan ( 005678321 )
Cybereason	malicious.7b656f
Arcabit	Generic.AsyncRAT.Marte.B.0F97FA65
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/AsyncRAT.A
APEX	Malicious
McAfee	Fareit-FZT!278D86F7B656
Avast	Win32:DropperX-gen [Drp]
ClamAV	Win.Packed.Razy-9625918-0
Kaspersky	HEUR:Backdoor.MSIL.Crysan.gen
Alibaba	Backdoor:MSIL/AsyncRat.6da40e33
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
MicroWorld-eScan	Generic.AsyncRAT.Marte.B.0F97FA65
Rising	Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft	Trojan.Agent (A)
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.Siggen9.56514
Zillya	Trojan.Agent.Win32.1334603
TrendMicro	Backdoor.MSIL.ASYNCRAT.SMXSR
McAfeeD	ti!50CE16484468
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.278d86f7b656fb8b
Sophos	Troj/AsyncRat-B
Ikarus	Backdoor.AsyncRat
Jiangmin	Backdoor.MSIL.gguk
Webroot	W32.Trojan.Dropper
Google	Detected
Avira	TR/Dropper.Gen
MAX	malware (ai score=87)
Kingsoft	malware.kb.c.1000
Gridinsoft	Trojan.Win32.AsyncRAT.tr
Microsoft	Backdoor:MSIL/AsyncRat.AD!MTB
ZoneAlarm	HEUR:Backdoor.MSIL.Crysan.gen
GData	MSIL.Backdoor.DCRat.D
Varist	W32/Samas.B.gen!Eldorado
AhnLab-V3	Malware/Win32.RL_Generic.C3558490
BitDefenderTheta	Gen:NN.ZemsilF.36810.cm0@aCcdPOb
DeepInstinct	MALICIOUS

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (11 events)

dead_host	192.168.56.101:49171
dead_host	192.168.56.101:49167
dead_host	192.168.56.101:49169
dead_host	192.168.56.101:49166
dead_host	192.168.56.101:49165
dead_host	192.168.56.101:49164
dead_host	192.168.56.101:49174
dead_host	192.168.56.101:49173
dead_host	3.141.210.37:13280
dead_host	192.168.56.101:49172
dead_host	192.168.56.101:49163

AsyncClient.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All