Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 19, 2024, 9:35 a.m.	Sept. 19, 2024, 10:01 a.m.

Size	507.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6ca0b0717cfa0684963ff129abb8dce9`
SHA256	`2500aa539a7a5ae690d830fae6a2b89e26ba536f8751ba554e9f4967d48e6cfa`
CRC32	`F8FA1047`
ssdeep	`6144:paNY2RhksAZnFcHQgu6NRvBf03SJRvX2CRXZGS9PlUlAREoghgAOAw7hB1:cN5CsIFcHQHGRvVrL99PSoghgKwl`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

clip.exe "C:\Users\test22\AppData\Local\Temp\clip.exe"
416

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.215.113.117	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

Connection to IP address

suspicious_request

GET http://185.215.113.117/nholman/

Performs some HTTP requests (1 event)

request

GET http://185.215.113.117/nholman/

Communicates with host for which no DNS query was performed (1 event)

host

185.215.113.117

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.ClipBanker.Z!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Caynamer
Skyhigh	BehavesLike.Win32.Infected.hh
ALYac	Gen:Trojan.Heur3.LPT.FuW@aqmI89fab
Cylance	Unsafe
VIPRE	Gen:Variant.Fragtor.651999
Sangfor	Banker.Win32.Clipbanker.Vkaa
CrowdStrike	win/malicious_confidence_70% (D)
BitDefender	Gen:Variant.Fragtor.651999
K7GW	Trojan ( 005ba7e41 )
K7AntiVirus	Trojan ( 005ba7e41 )
Arcabit	Trojan.Fragtor.D9F2DF
VirIT	Trojan.Win32.Genus.WKM
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/ClipBanker.TK
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
Kaspersky	HEUR:Trojan-Banker.Win32.ClipBanker.gen
Alibaba	TrojanBanker:Win32/ClipBanker.a7995e08
MicroWorld-eScan	Gen:Variant.Fragtor.651999
Rising	Trojan.ClipBanker!8.5FB (CLOUD)
Emsisoft	Gen:Variant.Fragtor.651999 (B)
F-Secure	Trojan.TR/Spy.ClipBanker.rfuqj
TrendMicro	Trojan.Win32.AMADEY.YXEINZ
McAfeeD	Real Protect-LS!6CA0B0717CFA
Trapmine	suspicious.low.ml.score
CTX	exe.trojan.clipbanker
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.6ca0b0717cfa0684
Webroot	W32.Trojan.Heur3.LPT.FuW@aqmI89
Google	Detected
Avira	TR/Spy.ClipBanker.rfuqj
Antiy-AVL	Trojan/Win32.Caynamer
Kingsoft	Win32.Trojan-Banker.ClipBanker.gen
Gridinsoft	Trojan.Win32.Downloader.sa
Xcitium	Malware@#14lobtiynyuq4
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan-Banker.Win32.ClipBanker.gen
GData	Gen:Variant.Fragtor.651999
Varist	W32/ABTrojan.ZEGB-2919
AhnLab-V3	Trojan/Win.Generic.C5671185
McAfee	Artemis!6CA0B0717CFA
DeepInstinct	MALICIOUS
VBA32	TrojanBanker.ClipBanker
Malwarebytes	Trojan.Downloader
Ikarus	Trojan.Win32.Clipbanker

clip.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All