Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 2, 2024, 1:46 p.m. | Sept. 2, 2024, 1:49 p.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
fivexv5vs.top | 195.133.48.136 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49162 -> 195.133.48.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.101:49162 -> 195.133.48.136:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49162 -> 195.133.48.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.101:49162 -> 195.133.48.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Key | Value |
---|---|
suspicious_features | POST method with no referer header |
suspicious_request | POST http://fivexv5vs.top/v1/upload.php |
request | POST http://fivexv5vs.top/v1/upload.php |
request | POST http://fivexv5vs.top/v1/upload.php |
file | C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll |
file | C:\Users\test22\AppData\Local\Temp\service123.exe |
section | name: .reloc, virtual_address: 0x00b3a000, virtual_size: 0x000e242c, size_of_data: 0x000e2600, entropy: 6.8414982279135135 |
entropy | 6.84149822791 |
description | A section with a high entropy has been found |
Antivirus | Result |
---|---|
Elastic | malicious (high confidence) |
ALYac | Generic.Dacic.3704.B0934D5A |
VIPRE | Generic.Dacic.3704.B0934D5A |
K7AntiVirus | Password-Stealer ( 0054cf561 ) |
BitDefender | Generic.Dacic.3704.B0934D5A |
K7GW | Password-Stealer ( 0054cf561 ) |
Arcabit | Generic.Dacic.3704.B0934D5A |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/PSW.Agent.OGR |
APEX | Malicious |
McAfee | Artemis!06B767BF2A7D |
Avast | Win32:Evo-gen [Trj] |
ClamAV | Win.Malware.Barys-10032866-0 |
Kaspersky | UDS:Trojan-PSW.Win32.Cryptnot.cnr |
MicroWorld-eScan | Generic.Dacic.3704.B0934D5A |
Rising | Trojan.CryptBot!8.19865 (TFE:5:du8Y4XG1zuF) |
Emsisoft | Generic.Dacic.3704.B0934D5A (B) |
FireEye | Generic.Dacic.3704.B0934D5A |
Sophos | Mal/Generic-S |
Detected | |
MAX | malware (ai score=87) |
Microsoft | Trojan:Win32/CryptBot.CCJD!MTB |
ZoneAlarm | UDS:Trojan-PSW.Win32.Cryptnot.cnr |
GData | Win32.Trojan.PSE.1D64ECY |
AhnLab-V3 | Infostealer/Win.CryptBot.R662764 |
Malwarebytes | Spyware.Stealer |
Ikarus | Trojan-PSW.Agent |
Panda | Trj/Genetic.gen |
Fortinet | W32/Agent.OGR!tr.pws |
AVG | Win32:Evo-gen [Trj] |