Channel4.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Sept. 8, 2024, 10:50 a.m. | Sept. 8, 2024, 10:54 a.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| tventyv20sb.top | 194.87.248.136 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
| TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
| TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
| TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
| TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
| suspicious_features | POST method with no referer header | suspicious_request | POST http://tventyv20sb.top/v1/upload.php | ||||||
| request | POST http://tventyv20sb.top/v1/upload.php |
| request | POST http://tventyv20sb.top/v1/upload.php |
| domain | tventyv20sb.top | description | Generic top level domain TLD | ||||||
| file | C:\Users\test22\AppData\Local\Temp\BNNHSGUhODptlotdQhQO.dll |
| file | C:\Users\test22\AppData\Local\Temp\service123.exe |
| section | {u'size_of_data': u'0x000e2800', u'virtual_address': u'0x00b3f000', u'entropy': 6.841474560790504, u'name': u'.reloc', u'virtual_size': u'0x000e27b4'} | entropy | 6.84147456079 | description | A section with a high entropy has been found | |||||||||
| Lionic | Trojan.Win32.Dacic.i!c |
| Elastic | malicious (high confidence) |
| ALYac | Generic.Dacic.3738.43BF169D |
| VIPRE | Generic.Dacic.3738.43BF169D |
| Sangfor | Infostealer.Win32.Cryptbot.Vjgt |
| K7AntiVirus | Password-Stealer ( 0054cf561 ) |
| BitDefender | Generic.Dacic.3738.43BF169D |
| K7GW | Password-Stealer ( 0054cf561 ) |
| Arcabit | Generic.Dacic.3738.43BF169D |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/PSW.Agent.OGR |
| Avast | Win32:Evo-gen [Trj] |
| ClamAV | Win.Malware.Barys-10032866-0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic |
| Alibaba | TrojanPSW:Win32/CryptBot.64557e59 |
| MicroWorld-eScan | Generic.Dacic.3738.43BF169D |
| Rising | Trojan.CryptBot!8.19865 (TFE:5:du8Y4XG1zuF) |
| Emsisoft | Generic.Dacic.3738.43BF169D (B) |
| F-Secure | Trojan.TR/PSW.Agent.aymsv |
| McAfeeD | ti!DA7FADC67180 |
| FireEye | Generic.Dacic.3738.43BF169D |
| Sophos | Mal/Generic-S |
| Ikarus | Trojan-PSW.Agent |
| Detected | |
| Avira | TR/PSW.Agent.aymsv |
| MAX | malware (ai score=82) |
| Antiy-AVL | Trojan/Win32.Cryptbot |
| Kingsoft | Win32.Trojan-PSW.Stealer.gen |
| Gridinsoft | Trojan.Win32.CryptBot.tr |
| Microsoft | Trojan:Win32/CryptBot.CCJD!MTB |
| ViRobot | Trojan.Win.Z.Dacic.6698109 |
| ZoneAlarm | UDS:DangerousObject.Multi.Generic |
| GData | Win32.Trojan.PSE.1D64ECY |
| Varist | W32/Agent.JHG.gen!Eldorado |
| AhnLab-V3 | Infostealer/Win.CryptBot.R661185 |
| DeepInstinct | MALICIOUS |
| Malwarebytes | Spyware.Stealer |
| Panda | Trj/Genetic.gen |
| Tencent | Trojan.Win32.Agent.16001366 |
| Fortinet | W32/Agent.OGR!tr |
| AVG | Win32:Evo-gen [Trj] |
| Paloalto | generic.ml |
| alibabacloud | Trojan[stealer]:Win/CryptBot.CWU!3DGW |