Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 11, 2024, 10:36 a.m. | Sept. 11, 2024, 10:40 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
fivev5pn.top | 185.244.181.38 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.101:49165 -> 185.244.181.38:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 192.168.56.101:49165 -> 185.244.181.38:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.101:49163 -> 185.244.181.38:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.101:49166 -> 185.244.181.38:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
suspicious_features | POST method with no referer header | suspicious_request | POST http://fivev5pn.top/v1/upload.php |
request | POST http://fivev5pn.top/v1/upload.php |
request | POST http://fivev5pn.top/v1/upload.php |
domain | fivev5pn.top | description | Generic top level domain TLD |
file | C:\Users\test22\AppData\Local\Temp\AcjUskBhyKbMmQUydNUN.dll |
file | C:\Users\test22\AppData\Local\Temp\service123.exe |
section | {u'size_of_data': u'0x000e2c00', u'virtual_address': u'0x00b3f000', u'entropy': 6.841551263059048, u'name': u'.reloc', u'virtual_size': u'0x000e2b50'} | entropy | 6.84155126306 | description | A section with a high entropy has been found |
Lionic | Trojan.Win32.CryptBot.4!c |
Elastic | malicious (high confidence) |
ALYac | Generic.Dacic.3704.141816D0 |
VIPRE | Generic.Dacic.3704.141816D0 |
Sangfor | Infostealer.Win32.Cryptbot.Vr77 |
K7AntiVirus | Password-Stealer ( 0054cf561 ) |
BitDefender | Generic.Dacic.3704.141816D0 |
K7GW | Password-Stealer ( 0054cf561 ) |
Arcabit | Generic.Dacic.3704.141816D0 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/PSW.Agent.OGR |
Avast | Win32:Evo-gen [Trj] |
ClamAV | Win.Malware.Barys-10032866-0 |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Alibaba | TrojanPSW:Win32/CryptBot.c2a78318 |
MicroWorld-eScan | Generic.Dacic.3704.141816D0 |
Rising | Trojan.CryptBot!8.19865 (TFE:5:du8Y4XG1zuF) |
Emsisoft | Generic.Dacic.3704.141816D0 (B) |
TrendMicro | Trojan.Win32.PRIVATELOADER.YXEIKZ |
McAfeeD | ti!95704AEBBA05 |
FireEye | Generic.Dacic.3704.141816D0 |
Sophos | Mal/Generic-S |
Webroot | W32.ConvaGent |
Detected | |
Avira | TR/PSW.Agent.njyvu |
MAX | malware (ai score=87) |
Antiy-AVL | Trojan/Win32.Cryptbot |
Kingsoft | Win32.Trojan-PSW.Cryptnot.cxa |
Gridinsoft | Trojan.Win32.CryptBot.tr |
Microsoft | Trojan:Win32/CryptBot.CCJD!MTB |
ZoneAlarm | UDS:DangerousObject.Multi.Generic |
GData | Win32.Trojan.PSE.17KK2SY |
AhnLab-V3 | Trojan/Win.CryptBot.C5659071 |
McAfee | Artemis!E52FC4B24FFF |
DeepInstinct | MALICIOUS |
Malwarebytes | Spyware.Stealer |
Ikarus | Win32.Outbreak |
Panda | Trj/Genetic.gen |
TrendMicro-HouseCall | TROJ_GEN.R014C0DIA24 |
Tencent | Trojan.Win32.Agent.16001366 |
Fortinet | W32/Agent.OGR!tr |
AVG | Win32:Evo-gen [Trj] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_60% (D) |
alibabacloud | Trojan[stealer]:Win/CryptBot.CWU!3DGW |