Summary | ZeroBOX

Unit.exe

Tags: Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32

Category  FILE
Machine   s1_win7_x6403_us
Started   Oct. 10, 2024, 10:55 a.m.
Completed Oct. 10, 2024, 11:02 a.m.
Size 326.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bc243f8f7947522676dc0ea1046cb868
SHA256 55d1c945e131c2d14430f364001e6d080642736027cdc0f75010c31e01afcf3a
CRC32 87896CD8
ssdeep 6144:FOwECuuEW5cgSPppM50MCJkvwvYTptAvK9V8pTjS8dE5EYan7aeoMVlw8n4poK9G:FOwEBVW5cgYnn7OMVlwfTWw0l+k
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

IP Address     Status  Action
104.21.48.38   Active  Moloch
104.21.9.92    Active  Moloch
164.124.101.2  Active  Moloch

Suricata Alerts

Flow                                           SID        Signature                                                      Category
TCP 192.168.56.103:49165 -> 104.21.48.38:443   906200054  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  -
TCP 192.168.56.103:49161 -> 104.21.48.38:443   906200054  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  -
TCP 192.168.56.103:49163 -> 104.21.9.92:443    906200054  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  -

Suricata TLS

Flow                                         Version  Issuer                                 Subject                  Fingerprint
192.168.56.103:49161 -> 104.21.48.38:443     TLSv1    C=US, O=Google Trust Services, CN=WE1  CN=poledrivenstyle.shop  ea:e9:fc:f6:1f:58:99:26:71:9c:99:11:a4:38:e8:9c:5f:4b:22:49
192.168.56.103:49165 -> 104.21.48.38:443     TLSv1    (none)                                 (none)                   (none)
192.168.56.103:49163 -> 104.21.9.92:443      TLSv1    C=US, O=Google Trust Services, CN=WE1  CN=beautyandstyles.shop  e4:c2:7d:fe:8e:8b:f4:7f:94:c7:ea:76:2e:39:a0:90:c8:55:ff:bc
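The three SSLBL alerts above fire on the JA3 hash of the sample's own TLS ClientHello, not on the server, the certificate or any payload. JA3 concatenates the client version, cipher suites, extension types, supported groups and point formats and takes the MD5 of that string, so every client built on the same TLS stack produces the same hash. That is why the rule names Tofsee while the antivirus column below labels the file Amadey: a listed hash identifies the client implementation, not the family, and it is a pivot, not attribution. Note also that both C2 hosts sit in 104.21.0.0/16 (Cloudflare address space) behind Google Trust Services WE1 leaf certificates, so the hostnames and the JA3, not the IPs or the issuer, are the durable indicators. The Python below is an added example, not ZeroBOX or Suricata code: it assembles a constructed ClientHello (the sample's real handshake is not on this page), computes the JA3 string and hash, and emulates the blocklist lookup. The blocklist contents and the hello's parameters are assumptions of the example.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are excluded from JA3 so randomised filler does
# not change the fingerprint: 0x0a0a, 0x1a1a, ... 0xfafa.
GREASE = {(0x10 * i + 0x0a) * 0x101 for i in range(16)}


def build_client_hello(version, ciphers, extensions):
    """Assemble a TLS record carrying a ClientHello (constructed test input).

    extensions is a list of (type, body) tuples in wire order.
    """
    body = struct.pack(">H", version)
    body += b"\x00" * 32                      # client random
    body += b"\x00"                           # empty session id
    body += struct.pack(">H", 2 * len(ciphers))
    body += b"".join(struct.pack(">H", c) for c in ciphers)
    body += b"\x01\x00"                       # one compression method: null
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def ja3(record):
    """Return (ja3_string, ja3_md5) for a TLS record that carries a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                     # 5-byte record header + 4-byte handshake header
    version = struct.unpack(">H", record[p:p + 2])[0]
    p += 2 + 32                               # client_version, random
    p += 1 + record[p]                        # session id
    n = struct.unpack(">H", record[p:p + 2])[0]
    p += 2
    ciphers = [struct.unpack(">H", record[i:i + 2])[0] for i in range(p, p + n, 2)]
    p += n
    p += 1 + record[p]                        # compression methods
    ext_types, curves, formats = [], [], []
    if p + 2 <= len(record):
        end = p + 2 + struct.unpack(">H", record[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            t, length = struct.unpack(">HH", record[p:p + 4])
            data = record[p + 4:p + 4 + length]
            p += 4 + length
            ext_types.append(t)
            if t == 10:                       # supported_groups
                m = struct.unpack(">H", data[:2])[0]
                curves = [struct.unpack(">H", data[i:i + 2])[0] for i in range(2, 2 + m, 2)]
            elif t == 11:                     # ec_point_formats
                formats = list(data[1:1 + data[0]])

    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)

    s = ",".join([str(version), field(ciphers), field(ext_types), field(curves), field(formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


def match_blocklist(record, blocklist):
    """Emulate the SSLBL check: return the blocklist label for this client's JA3, else None."""
    _, digest = ja3(record)
    return blocklist.get(digest)


# Constructed ClientHello for demonstration; it is not the sample's real handshake.
# The SNI reuses the first C2 hostname from the report above.
SNI = b"\x00\x17\x00\x00\x14" + b"poledrivenstyle.shop"
SAMPLE_HELLO = build_client_hello(
    0x0303,                                   # TLS 1.2 client_version (771 in JA3)
    [0x0a0a, 0xC02B, 0xC02F, 0x009C],         # leading GREASE suite must be dropped
    [
        (0x0a0a, b""),                        # GREASE extension, also dropped
        (0, SNI),
        (10, b"\x00\x06\x0a\x0a\x00\x1d\x00\x17"),  # groups: GREASE, x25519, secp256r1
        (11, b"\x01\x00"),                    # point format: uncompressed
        (13, b"\x00\x02\x04\x01"),            # signature_algorithms
    ],
)

if __name__ == "__main__":
    print(ja3(SAMPLE_HELLO))
```

Real sensors apply this to the first ClientHello of each flow; the hash is only as specific as the TLS stack behind it, which is why a Tofsee label on a Windows sample should be confirmed against the beacon URLs and the host behaviour before it is used as attribution.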

Time & API        Arguments                 Status  Return  Repeated
GetComputerNameA  computer_name: TEST22-PC  1       1       0
GetComputerNameA  computer_name: TEST22-PC  1       1       0
GetComputerNameA  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameW  computer_name: TEST22-PC  1       1       0
GetComputerNameA  computer_name: TEST22-PC  1       1       0
request GET https://poledrivenstyle.shop/socket/?serviceCheckup
request GET https://beautyandstyles.shop/socket/?serviceCheckup
request GET https://poledrivenstyle.shop/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=38E7AF556D16AA0C0E
description Unit.exe tried to sleep 120 seconds, actually delayed analysis time by 120 seconds
wmi SELECT * FROM Win32_Processor
wmi SELECT * FROM Win32_BaseBoard
wmi SELECT * FROM Win32_DiskDrive
wmi SELECT * FROM Win32_Processor
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
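The first two GETs above are an unauthenticated reachability probe (`/socket/?serviceCheckup`) against each of the two C2 hostnames; the third registers the host with a fixed parameter set (id, us, mn, os, bld) whose values are all uppercase hex. The report does not say how those values are encoded, so the usable network indicator is the path and parameter shape, not any value. The Python below is an added example, not part of the ZeroBOX report: it scans constructed proxy-log lines (the log format is an assumption) for that shape and separates the probe from the registration beacon.

```python
import re
from urllib.parse import parse_qs, urlsplit

BEACON_PATH = "/socket/"
BEACON_KEYS = {"id", "us", "mn", "os", "bld"}
HEXSTR = re.compile(r"^[0-9A-Fa-f]+$")


def classify_url(url):
    """Label one outbound URL: 'check-in probe', 'registration beacon', or None."""
    parts = urlsplit(url)
    if parts.path != BEACON_PATH:
        return None
    if parts.query == "serviceCheckup":
        return "check-in probe"
    query = parse_qs(parts.query, keep_blank_values=True)
    # Every observed key must be present and every value must be non-empty hex.
    if BEACON_KEYS <= set(query) and all(HEXSTR.match(v[0]) for v in query.values()):
        return "registration beacon"
    return None


def scan_proxy_log(lines):
    """Return (client, host, label) for each line whose URL matches the beacon shape.

    Assumed line format: <timestamp> <client-ip> <method> <url> <status>.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or fields[2] != "GET":
            continue
        label = classify_url(fields[3])
        if label:
            hits.append((fields[1], urlsplit(fields[3]).hostname, label))
    return hits


# Constructed proxy log; the two beacon URLs are copied from the report above,
# the other two lines are benign filler.
SAMPLE_LOG = [
    "2024-10-10T10:56:01Z 192.168.56.103 GET https://poledrivenstyle.shop/socket/?serviceCheckup 200",
    "2024-10-10T10:56:02Z 192.168.56.103 GET https://poledrivenstyle.shop/socket/"
    "?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E"
    "&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC"
    "&bld=38E7AF556D16AA0C0E 200",
    "2024-10-10T10:57:00Z 192.168.56.103 GET https://www.example.com/socket/?id=not-hex&us=1 200",
    "2024-10-10T10:57:30Z 192.168.56.103 GET https://www.example.com/index.html 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Because the registration values look opaque, alert on the structure (path, key set, hex-only values) and treat the hostnames as the IOCs; the hex values themselves will differ per victim and should not be used as match strings.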
Time & API       Arguments                                                          Status Return Repeated
LdrGetDllHandle  module_name: snxhk.dll  module_address: 0x00000000  stack_pivoted: 0  3221225781 0
LdrGetDllHandle  module_name: snxhk.dll  module_address: 0x00000000  stack_pivoted: 0  3221225781 0
(3221225781 is 0xC0000135, STATUS_DLL_NOT_FOUND: the module is not loaded in the process, so the probe came back negative.)
file C:\Users\admin\Documents\Outlook Files\outlook.pst
file C:\Users\admin\Documents\Outlook Files\honey@pot.com.pst
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
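Read together, the behaviour groups above show the sample delaying execution for two minutes, fingerprinting the machine (four WMI hardware queries plus the BIOS version string from the registry), probing for snxhk.dll, and opening both Outlook PST files in the analysis profile. Triaging many such reports by hand is slow, so the Python below, an added example and not ZeroBOX code, takes a constructed list of (kind, detail) events modelled on the report's lines (the event format is assumed), buckets them by tactic and renders the trace's decimal return value as the NTSTATUS it encodes. The attribution of snxhk.dll to Avast is an assumption of this example; the report itself names only the DLL.

```python
import re

# Constructed excerpt of a sandbox behaviour log as (kind, detail) pairs; the
# details mirror the report above, plus one benign file event as a control.
SAMPLE_EVENTS = [
    ("description", "Unit.exe tried to sleep 120 seconds, actually delayed analysis time by 120 seconds"),
    ("wmi", "SELECT * FROM Win32_Processor"),
    ("wmi", "SELECT * FROM Win32_BaseBoard"),
    ("wmi", "SELECT * FROM Win32_DiskDrive"),
    ("wmi", "SELECT * FROM Win32_Processor"),
    ("registry", r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("api", "LdrGetDllHandle module_name=snxhk.dll return=3221225781"),
    ("api", "LdrGetDllHandle module_name=snxhk.dll return=3221225781"),
    ("file", r"C:\Users\admin\Documents\Outlook Files\outlook.pst"),
    ("file", r"C:\Users\admin\Documents\Outlook Files\honey@pot.com.pst"),
    ("file", r"C:\Users\admin\AppData\Local\Temp\settings.ini"),
]

# WMI classes whose contents identify the physical (or virtual) machine.
HARDWARE_CLASSES = {"Win32_Processor", "Win32_BaseBoard", "Win32_DiskDrive",
                    "Win32_BIOS", "Win32_ComputerSystem"}
# Registry values read for the same purpose (compared case-insensitively).
HARDWARE_VALUES = {"systembiosversion", "videobiosversion",
                   "systemmanufacturer", "systemproductname"}
# DLLs whose presence reveals a security product's hooks. Assumption of this
# example: snxhk.dll belongs to Avast; the report does not say so.
SECURITY_HOOK_DLLS = {"snxhk.dll": "Avast hook library"}
MAIL_STORE_SUFFIXES = (".pst", ".ost")


def ntstatus(value):
    """Render a sandbox's decimal return value as the NTSTATUS code it encodes."""
    return f"0x{value & 0xFFFFFFFF:08X}"


def triage(events):
    """Group behaviour-log events into tactic buckets: {bucket: [evidence, ...]}."""
    findings = {}

    def add(bucket, evidence):
        findings.setdefault(bucket, []).append(evidence)

    for kind, detail in events:
        if kind == "description":
            m = re.search(r"sleep (\d+) seconds", detail)
            if m and int(m.group(1)) >= 60:           # long sleeps outlast many sandbox budgets
                add("delayed-execution", detail)
        elif kind == "wmi":
            m = re.search(r"\bFROM\s+(\w+)", detail, re.IGNORECASE)
            if m and m.group(1) in HARDWARE_CLASSES:
                add("hardware-fingerprint", detail)
        elif kind == "registry":
            if detail.rsplit("\\", 1)[-1].lower() in HARDWARE_VALUES:
                add("hardware-fingerprint", detail)
        elif kind == "api":
            m = re.search(r"module_name=(\S+).*return=(\d+)", detail)
            if m and m.group(1).lower() in SECURITY_HOOK_DLLS:
                add("security-product-probe", f"{m.group(1)} -> {ntstatus(int(m.group(2)))}")
        elif kind == "file":
            if detail.lower().endswith(MAIL_STORE_SUFFIXES):
                add("mail-store-access", detail)
    return findings


def summarize(findings):
    """One-line verdict listing each bucket with its evidence count."""
    return ", ".join(f"{t} ({len(findings[t])})" for t in sorted(findings))


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_EVENTS)))
```

The buckets map directly onto what an analyst would write up: delayed execution and hardware fingerprinting are sandbox evasion, the DLL probe is security-product awareness, and the PST reads are the data-theft objective that justifies the stealer label several vendors below attach to the file.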
Vendor             Detection
Bkav               W32.AIDetectMalware
Lionic             Trojan.Win32.Tasker.1g!c
MicroWorld-eScan   Gen:Variant.Zusy.561939
CAT-QuickHeal      Trojan.Sabsik
Skyhigh            BehavesLike.Win32.CoinMiner.fh
ALYac              Gen:Variant.Zusy.561939
Cylance            Unsafe
VIPRE              Gen:Variant.Zusy.561939
Sangfor            Trojan.Win32.Save.a
CrowdStrike        win/malicious_confidence_90% (D)
BitDefender        Gen:Variant.Zusy.561939
K7GW               Trojan ( 005b828b1 )
K7AntiVirus        Trojan ( 005b828b1 )
Arcabit            Trojan.Zusy.D89313
VirIT              Trojan.Win32.Genus.WPB
Symantec           ML.Attribute.HighConfidence
Elastic            malicious (high confidence)
ESET-NOD32         a variant of Win32/Agent.AGPC
APEX               Malicious
Avast              Win32:TrojanX-gen [Trj]
Cynet              Malicious (score: 100)
Kaspersky          Trojan.Win32.Tasker.bdtc
Alibaba            Trojan:Win32/Tasker.3309bc66
NANO-Antivirus     Trojan.Win32.Jaik.ksjraz
Rising             Trojan.Amadey!8.11DFB (TFE:5:vGhulzjTAJ)
Emsisoft           Gen:Variant.Zusy.561939 (B)
F-Secure           Trojan.TR/Agent.ulryp
Zillya             Trojan.Tasker.Win32.6053
TrendMicro         Trojan.Win32.AMADEY.YXEJAZ
McAfeeD            Real Protect-LS!BC243F8F7947
CTX                exe.trojan.generic
Sophos             Mal/Generic-S
SentinelOne        Static AI - Malicious PE
FireEye            Generic.mg.bc243f8f79475226
Google             Detected
Avira              TR/Agent.ulryp
Antiy-AVL          Trojan/Win32.Sabsik
Kingsoft           Win32.HeurC.KVMH017.a
Gridinsoft         Ransom.Win32.Sabsik.sa
Microsoft          Trojan:Win32/Multiverze
ViRobot            Trojan.Win.Z.Zusy.334336.A
ZoneAlarm          Trojan.Win32.Tasker.bdtc
GData              Gen:Variant.Zusy.561939
Varist             W32/ABTrojan.FAVF-3272
AhnLab-V3          Trojan/Win.Generic.C5659602
McAfee             Artemis!BC243F8F7947
DeepInstinct       MALICIOUS
VBA32              BScope.Trojan.Wacatac
Malwarebytes       Trojan.Zharkbot
Ikarus             Trojan.Win32.Agent