Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 2, 2024, 10:12 a.m.	Sept. 2, 2024, 10:22 a.m.

Size	483.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b21e324a39b4279504b10fee217239d3`
SHA256	`819eb00dba46a634dca1b24a66b977c650c2c54856fb150489397d622e065c2c`
CRC32	`8A552AEC`
ssdeep	`6144:QTz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZBAXccrmT4:QTlrYw1RUh3NFn+N5WfIQIjbs/ZBpT4`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature infoStealer_browser_b_Zero - browser info stealer Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

jhg.exe "C:\Users\test22\AppData\Local\Temp\jhg.exe"
880
- startup.exe "C:\ProgramData\users\startup.exe"
  1872

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
147.124.209.163	Active	Moloch

No Suricata Alerts

No Suricata TLS

section

.gfids

description

startup.exe tried to sleep 163 seconds, actually delayed analysis time by 163 seconds

host

147.124.209.163

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Rmc-X0705N	reg_value	"C:\ProgramData\users\startup.exe"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-X0705N	reg_value	"C:\ProgramData\users\startup.exe"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Rmc-X0705N	reg_value	"C:\ProgramData\users\startup.exe"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-X0705N	reg_value	"C:\ProgramData\users\startup.exe"

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Remcos.m!c
Elastic	Windows.Trojan.Remcos
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Remcos.gh
ALYac	Generic.Remcos.37AE8B82
Cylance	Unsafe
VIPRE	Generic.Remcos.37AE8B82
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0053ac2c1 )
BitDefender	Generic.Remcos.37AE8B82
K7GW	Trojan ( 0053ac2c1 )
Cybereason	malicious.a39b42
Arcabit	Generic.Remcos.37AE8B82
Baidu	Win32.Trojan.Kryptik.awm
VirIT	Trojan.Win32.Remcos.HCY
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Rescoms.B
APEX	Malicious
McAfee	Remcos-FDQO!B21E324A39B4
Avast	Win32:RATX-gen [Trj]
ClamAV	Win.Trojan.Remcos-9841897-0
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
Alibaba	Backdoor:Win32/Remcos.efa210c2
NANO-Antivirus	Trojan.Win32.Rescoms.kqldxd
SUPERAntiSpyware	Trojan.Agent/Gen-Crypt
MicroWorld-eScan	Generic.Remcos.37AE8B82
Rising	Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft	Generic.Remcos.37AE8B82 (B)
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Remcos.438
Zillya	Trojan.Rescoms.Win32.1913
McAfeeD	Real Protect-LS!B21E324A39B4
FireEye	Generic.mg.b21e324a39b42795
Sophos	Mal/Remcos-B
SentinelOne	Static AI - Malicious PE
Jiangmin	Backdoor.Remcos.dzw
Webroot	W32.Trojan.Remcos
Google	Detected
Avira	BDS/Backdoor.Gen
MAX	malware (ai score=85)
Kingsoft	malware.kb.a.1000
Gridinsoft	Trojan.Win32.Remcos.tr
Microsoft	Backdoor:Win32/Remcos.GA!MTB
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Win32.Backdoor.Remcos.P6Z4AV
Varist	W32/Trojan.TEVC-5559
AhnLab-V3	Backdoor/Win.Remcos.R634199
BitDefenderTheta	Gen:NN.ZexaF.36812.ECW@auCWdVli
DeepInstinct	MALICIOUS

jhg.exe