Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.01 02:05
LoginMain(1)
05.01 02:05
LoginMain
05.01 02:05
veneziaLogin.js.pobrane
05.01 02:05
troubleshot-modal-info...
05.01 02:05
LoginMain(4)
05.01 02:05
LoginMain(3)
05.01 02:05
LoginMain(2)
05.01 02:05
LoginMain(6)
05.01 02:05
LoginMain(5)
05.01 02:05
background

Latest News
05.01 04:05
Steganography Analysis...
05.01 04:05
North Korea Stole Your...
05.01 04:05
SonicWall Confirms Act...
05.01 04:05
Elektronische Patiente...
05.01 04:05
Anzeige: Digitale Souv...
05.01 02:05
Vintage Stereo Stack B...
05.01 02:05
Key Saudi Rule Change ...
05.01 01:05
티오리, 옥타(Okta)와 협력…신원 기...
05.01 01:05
Tesla Board Started Se...
05.01 12:05
RSAC: AI may force a r...

Summary | ZeroBOX

TestikBro.exe

Generic Malware Malicious Library Downloader UPX PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 19, 2024, 2 p.m.	Aug. 19, 2024, 2:54 p.m.

Size	381.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`7c0a5c2cde620549b93d8372960b63c1`
SHA256	`3271f49b0f0a89a484b670cf79cd73f57c28cae28a5a3e0c1c6c281c9aaadd71`
CRC32	`7CDCEF56`
ssdeep	`6144:YePdowp/FFsk4ff2wZ5Yd3CTqhs1T5CJGi6Axj6KAI281:NowVLX4ff2wsd3BO1TM36AxHAF`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

TestikBro.exe "C:\Users\test22\AppData\Local\Temp\TestikBro.exe"
1900

Name	Response	Post-Analysis Lookup
bitbucket.org	A 104.192.140.24 A 104.192.140.25 A 104.192.140.26	104.192.140.24

IP Address	Status	Action
104.192.140.24	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49164 -> 104.192.140.24:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 104.192.140.24:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 19, 2024, 1:53 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\file1.exe

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Bkav	W64.AIDetectMalware
Elastic	malicious (high confidence)
Cylance	Unsafe
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win64:DropperX-gen [Drp]
Kaspersky	UDS:DangerousObject.Multi.Generic
Rising	Downloader.Agent!8.B23 (CLOUD)
McAfeeD	ti!3271F49B0F0A
Ikarus	Trojan.Win64.Agent
Google	Detected
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
DeepInstinct	MALICIOUS
AVG	Win64:DropperX-gen [Drp]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_70% (D)