asdz2.png| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Oct. 9, 2024, 12:51 p.m. | Oct. 9, 2024, 12:59 p.m. |
-
asdz2.png "C:\Users\test22\AppData\Local\Temp\asdz2.png"
2548
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| xmr-eu1.nanopool.org | 51.89.23.91 | |
| pastebin.com | 172.67.19.24 | |
| xmr-eu2.nanopool.org | 51.68.137.186 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2033268 | ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) | Potential Corporate Privacy Violation |
| UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2033268 | ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49163 -> 104.20.4.235:443 | 906200068 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.3 192.168.56.101:49162 51.15.65.182:10343 |
None | None | None |
|
TLS 1.3 192.168.56.101:49163 104.20.4.235:443 |
None | None | None |
|
TLS 1.3 192.168.56.101:49164 51.15.61.114:10343 |
None | None | None |
| section | .00cfg |
| Bkav | W64.AIDetectMalware |
| Lionic | Trojan.Win32.Agent.Y!c |
| Cynet | Malicious (score: 100) |
| CAT-QuickHeal | Trojan.CoinMiner.S32378657 |
| Skyhigh | Trojan-FWEM!61D3ABFF46A6 |
| Cylance | Unsafe |
| VIPRE | Gen:Heur.Mint.Zard.25 |
| Sangfor | Suspicious.Win32.Save.a |
| K7AntiVirus | Trojan ( 005af85d1 ) |
| BitDefender | Gen:Heur.Mint.Zard.25 |
| K7GW | Trojan ( 005af85d1 ) |
| Arcabit | Trojan.Mint.Zard.25 |
| Symantec | Trojan.Coinminer!g3 |
| Elastic | Windows.Generic.Threat |
| ESET-NOD32 | a variant of Win64/Kryptik.EDF |
| APEX | Malicious |
| Avast | Win64:Evo-gen [Trj] |
| ClamAV | Win.Packed.Zusy-10018533-0 |
| Kaspersky | HEUR:Trojan.Win32.Agent.gen |
| Alibaba | Trojan:Win64/CoinMiner.75f8a945 |
| NANO-Antivirus | Trojan.Win64.Kryptik.kpuodh |
| MicroWorld-eScan | Gen:Heur.Mint.Zard.25 |
| Rising | Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG) |
| Emsisoft | Gen:Heur.Mint.Zard.25 (B) |
| F-Secure | Heuristic.HEUR/AGEN.1370826 |
| DrWeb | Trojan.Siggen29.3034 |
| Zillya | Trojan.Kryptik.Win64.46792 |
| TrendMicro | TROJ_GEN.R002C0DFT24 |
| McAfeeD | ti!B1A351EE6144 |
| CTX | exe.trojan.kryptik |
| Sophos | Troj/Krypt-ADL |
| SentinelOne | Static AI - Malicious PE |
| FireEye | Gen:Heur.Mint.Zard.25 |
| Webroot | W32.Trojan.CoinMiner |
| Detected | |
| Avira | HEUR/AGEN.1370826 |
| Antiy-AVL | Trojan/Win64.GenKryptik |
| Kingsoft | Win32.Trojan.Agent.gen |
| Gridinsoft | Trojan.Win64.CoinMiner.sa |
| Microsoft | Trojan:Win64/CoinMiner!pz |
| ZoneAlarm | HEUR:Trojan.Win32.Agent.gen |
| GData | Gen:Heur.Mint.Zard.25 |
| Varist | W64/Kryptik.LBJ.gen!Eldorado |
| AhnLab-V3 | Dropper/Win.DropperX-gen.R622355 |
| McAfee | Trojan-FWEM!61D3ABFF46A6 |
| DeepInstinct | MALICIOUS |
| VBA32 | OScope.Trojan.Win64.Miner |
| Malwarebytes | Trojan.MalPack.Generic |
| Ikarus | Trojan.Win64.Krypt |
| Panda | Trj/GdSda.A |