Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 8, 2024, 9:54 p.m.	Oct. 8, 2024, 9:56 p.m.

Size	483.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1a3fee38ced030e1751a309616c39202`
SHA256	`5c98933333dba1be4be8e673353fe8f433de2d21ea955591db12e6ec178a8598`
CRC32	`4AE6DC82`
ssdeep	`6144:4Tz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZXAXkcrwuT4:4TlrYw1RUh3NFn+N5WfIQIjbs/ZXYT4`
Yara	Malicious_Library_Zero - Malicious_Library Network_Downloader - File Downloader PE_Header_Zero - PE File Signature infoStealer_browser_b_Zero - browser info stealer Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Name	Response	Post-Analysis Lookup
michelsrmccontrol.duckdns.org	A 107.175.130.20	107.175.130.20

IP Address	Status	Action
107.175.130.20	Active	Moloch
164.124.101.2	Active	Moloch

Flow	SID	Signature	Category
UDP 192.168.56.102:63709 -> 164.124.101.2:53	2042936	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain	Potentially Bad Traffic
UDP 192.168.56.102:63709 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
UDP 192.168.56.102:62846 -> 164.124.101.2:53	2042936	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain	Potentially Bad Traffic
UDP 192.168.56.102:62846 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity

No Suricata TLS

section

.gfids

domain

michelsrmccontrol.duckdns.org

description

CCRNC.txt.exe tried to sleep 162 seconds, actually delayed analysis time by 162 seconds

Lionic	Trojan.Win32.Remcos.m!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Backdoor.Remcos
Skyhigh	BehavesLike.Win32.Remcos.gh
ALYac	Generic.Remcos.138B30D4
Cylance	Unsafe
VIPRE	Generic.Remcos.138B30D4
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Generic.Remcos.138B30D4
K7GW	Trojan ( 0053ac2c1 )
K7AntiVirus	Trojan ( 0053ac2c1 )
Arcabit	Generic.Remcos.138B30D4
Baidu	Win32.Trojan.Kryptik.awm
VirIT	Trojan.Win32.Remcos.HCY
Symantec	Trojan Horse
Elastic	Windows.Trojan.Remcos
ESET-NOD32	a variant of Win32/Rescoms.B
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
ClamAV	Win.Trojan.Remcos-9841897-0
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
Alibaba	Backdoor:Win32/Remcos.be873ff6
NANO-Antivirus	Trojan.Win32.Rescoms.kqldxd
SUPERAntiSpyware	Trojan.Agent/Gen-Crypt
MicroWorld-eScan	Generic.Remcos.138B30D4
Rising	Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft	Generic.Remcos.138B30D4 (B)
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Remcos.438
Zillya	Trojan.Rescoms.Win32.1913
McAfeeD	Real Protect-LS!1A3FEE38CED0
CTX	exe.trojan.remcos
Sophos	Mal/Remcos-B
Ikarus	Backdoor.Remcos
FireEye	Generic.mg.1a3fee38ced030e1
Jiangmin	Backdoor.Remcos.dzw
Webroot	W32.Trojan.Remcos
Google	Detected
Avira	BDS/Backdoor.Gen
Antiy-AVL	Trojan[Backdoor]/Win32.Rescoms.b
Kingsoft	Win32.Hack.Remcos.gen
Gridinsoft	Backdoor.Win32.Remcos.sa
Microsoft	Backdoor:Win32/Remcos.GA!MTB
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Generic.Remcos.138B30D4
Varist	W32/Trojan.TEVC-5559
AhnLab-V3	Backdoor/Win.Remcos.R634199
McAfee	Remcos-FDQO!1A3FEE38CED0
DeepInstinct	MALICIOUS

CCRNC.txt.exe