popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

jerniuiopu.exe

Generic Malware .NET framework(MSIL) Malicious Library UPX Malicious Packer PE File PE32 .NET EXE
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 8, 2024, 4:57 p.m. Nov. 8, 2024, 5:10 p.m.
Size 288.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d0d7ce7681200387de77c7ab2e2841cd
SHA256 b64b141eb3b3fa67f6605eb99b0e6f78eb5df7d483a2a0889821ccfac71a7a96
CRC32 D45369E5
ssdeep 6144:w7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbk9n:OlJtTF9zVGkllbkh
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
freegeoip.net 15.197.148.33
ip-api.com 208.95.112.1
api.ipify.org 104.26.12.205
IP Address Status Action
164.124.101.2 Active Moloch
82.117.243.110 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: SUCCESS: The scheduled task "NET framework" has successfully been created.
console_handle: 0x00000007
1 1 0
domain api.ipify.org
domain ip-api.com
host 82.117.243.110
dead_host 82.117.243.110:5173
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Quasar.m!c
CAT-QuickHeal Backdoor.MsilFC.S6050939
Skyhigh BehavesLike.Win32.Generic.dh
Cylance Unsafe
VIPRE Gen:Heur.Ransom.Imps.3
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Heur.Ransom.Imps.3
K7GW Trojan ( 00562f821 )
K7AntiVirus Trojan ( 00562f821 )
Arcabit Trojan.Ransom.Imps.3
VirIT Backdoor.Win32.Quasar.AM
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Quasarrat
ESET-NOD32 a variant of MSIL/Spy.Agent.AES
APEX Malicious
Avast MSIL:Rat-B [Trj]
ClamAV Win.Trojan.Barys-1
Kaspersky HEUR:Backdoor.MSIL.Quasar.gen
Alibaba Backdoor:MSIL/Quasar.f23d0c11
NANO-Antivirus Trojan.Win32.PWS.edqjme
MicroWorld-eScan Gen:Heur.Ransom.Imps.3
Rising Backdoor.xRAT!1.E17E (CLASSIC)
Emsisoft Gen:Heur.Ransom.Imps.3 (B)
F-Secure Heuristic.HEUR/AGEN.1307329
DrWeb BackDoor.Quasar.1
Zillya Trojan.Agent.Win32.4005592
TrendMicro TSPY_TINCLEX.SM1
McAfeeD Real Protect-LS!D0D7CE768120
Trapmine suspicious.low.ml.score
CTX exe.trojan.msil
Sophos ATK/Zaquar-D
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.d0d7ce7681200387
Jiangmin Backdoor.MSIL.acwb
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1307329
Antiy-AVL Trojan[Spy]/Win32.Agent.foqx
Kingsoft MSIL.Backdoor.Quasar.gen
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Malware@#2v1byhtksqslo
Microsoft Backdoor:MSIL/Quasar.GG!MTB
ZoneAlarm HEUR:Backdoor.MSIL.Quasar.gen
GData MSIL.Backdoor.Quasar.D
Varist W32/MSIL_Mintluks.A.gen!Eldorado
AhnLab-V3 Trojan/Win.Subti.R414075
McAfee FE_Backdoor_MSIL_QUASARRAT_1
TACHYON Trojan/W32.DN-Agent.295424.M
DeepInstinct MALICIOUS