Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 12, 2024, 8:48 a.m. | Aug. 12, 2024, 9:16 a.m. |
-
InstallerPack_20.1.23770_win64.exe "C:\Users\test22\AppData\Local\Temp\InstallerPack_20.1.23770_win64.exe"
884
Name | Response | Post-Analysis Lookup |
---|---|---|
iili.io | 104.21.235.69 | |
gcdnb.pbrd.co | 104.21.68.220 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 91.92.240.41:7575 -> 192.168.56.103:49162 | 2400012 | ET DROP Spamhaus DROP Listed Traffic Inbound group 13 | Misc Attack |
TCP 192.168.56.103:49162 -> 172.67.198.249:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49164 -> 104.21.235.70:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49162 172.67.198.249:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=pbrd.co | 79:68:77:d6:5f:0e:f5:de:95:32:8b:ac:71:a4:7b:6d:21:61:a8:3f |
TLSv1 192.168.56.103:49164 104.21.235.70:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=iili.io | 8f:d4:58:59:55:6a:03:e7:74:8c:f7:04:b1:7d:6a:76:4a:67:63:27 |
pdb_path | C:\agent\_work\66\s\build\ship\x86\burn.pdb |
section | .wixburn |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://gcdnb.pbrd.co/images/6oHgYLgr6bK3.png?o=1 | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET https://iili.io/JNYCwle.png |
request | GET https://gcdnb.pbrd.co/images/6oHgYLgr6bK3.png?o=1 |
request | GET https://iili.io/JNYCwle.png |
host | 91.92.240.41 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Rugmi.4!c |
Elastic | malicious (moderate confidence) |
CAT-QuickHeal | Trojan.Rugmi |
Cylance | Unsafe |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | Win32/TrojanDownloader.Rugmi.AAN |
Avast | Win32:Malware-gen |
Kaspersky | UDS:Trojan.Win32.Penguish |
F-Secure | Trojan.TR/AVI.Agent.ipyqi |
Zillya | Trojan.Penguish.Win32.350 |
TrendMicro | TrojanSpy.Win32.STEALC.E |
McAfeeD | ti!EDA401786B61 |
Sophos | Mal/Generic-R |
Detected | |
Avira | TR/AVI.Agent.ipyqi |
Antiy-AVL | Trojan/Win32.Rugmi |
Kingsoft | Win32.Troj.Generic.v |
Gridinsoft | Trojan.Win32.Gen.cl |
Microsoft | Trojan:Win32/Rugmi!MSR |
ZoneAlarm | UDS:Trojan.Win32.Penguish |
GData | Win32.Trojan.Agent.VCQGXY |
Varist | W32/ABTrojan.DVWK-2455 |
DeepInstinct | MALICIOUS |
Malwarebytes | Trojan.PyengyLoader |
Ikarus | Trojan.Win32.Rugmi |
TrendMicro-HouseCall | TrojanSpy.Win32.STEALC.E |
Tencent | Malware.Win32.Gencirc.14136fff |
MaxSecure | Trojan.Malware.116989021.susgen |
Fortinet | Malicious_Behavior.SB |
AVG | Win32:Malware-gen |
Paloalto | generic.ml |
alibabacloud | Trojan[downloader]:Win/Rugmi.AMS |