Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 8, 2024, 10:50 a.m. | Sept. 8, 2024, 10:54 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
tventyv20sb.top | 194.87.248.136 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.101:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
suspicious_features | POST method with no referer header | suspicious_request | POST http://tventyv20sb.top/v1/upload.php |
request | POST http://tventyv20sb.top/v1/upload.php |
request | POST http://tventyv20sb.top/v1/upload.php |
domain | tventyv20sb.top | description | Generic top level domain TLD |
file | C:\Users\test22\AppData\Local\Temp\BNNHSGUhODptlotdQhQO.dll |
file | C:\Users\test22\AppData\Local\Temp\service123.exe |
section | {u'size_of_data': u'0x000e2800', u'virtual_address': u'0x00b3f000', u'entropy': 6.841474560790504, u'name': u'.reloc', u'virtual_size': u'0x000e27b4'} | entropy | 6.84147456079 | description | A section with a high entropy has been found |
Lionic | Trojan.Win32.Dacic.i!c |
Elastic | malicious (high confidence) |
ALYac | Generic.Dacic.3738.43BF169D |
VIPRE | Generic.Dacic.3738.43BF169D |
Sangfor | Infostealer.Win32.Cryptbot.Vjgt |
K7AntiVirus | Password-Stealer ( 0054cf561 ) |
BitDefender | Generic.Dacic.3738.43BF169D |
K7GW | Password-Stealer ( 0054cf561 ) |
Arcabit | Generic.Dacic.3738.43BF169D |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/PSW.Agent.OGR |
Avast | Win32:Evo-gen [Trj] |
ClamAV | Win.Malware.Barys-10032866-0 |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Alibaba | TrojanPSW:Win32/CryptBot.64557e59 |
MicroWorld-eScan | Generic.Dacic.3738.43BF169D |
Rising | Trojan.CryptBot!8.19865 (TFE:5:du8Y4XG1zuF) |
Emsisoft | Generic.Dacic.3738.43BF169D (B) |
F-Secure | Trojan.TR/PSW.Agent.aymsv |
McAfeeD | ti!DA7FADC67180 |
FireEye | Generic.Dacic.3738.43BF169D |
Sophos | Mal/Generic-S |
Ikarus | Trojan-PSW.Agent |
Detected | |
Avira | TR/PSW.Agent.aymsv |
MAX | malware (ai score=82) |
Antiy-AVL | Trojan/Win32.Cryptbot |
Kingsoft | Win32.Trojan-PSW.Stealer.gen |
Gridinsoft | Trojan.Win32.CryptBot.tr |
Microsoft | Trojan:Win32/CryptBot.CCJD!MTB |
ViRobot | Trojan.Win.Z.Dacic.6698109 |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Win32.Trojan.PSE.1D64ECY |
Varist | W32/Agent.JHG.gen!Eldorado |
AhnLab-V3 | Infostealer/Win.CryptBot.R661185 |
DeepInstinct | MALICIOUS |
Malwarebytes | Spyware.Stealer |
Panda | Trj/Genetic.gen |
Tencent | Trojan.Win32.Agent.16001366 |
Fortinet | W32/Agent.OGR!tr |
AVG | Win32:Evo-gen [Trj] |
Paloalto | generic.ml |
alibabacloud | Trojan[stealer]:Win/CryptBot.CWU!3DGW |