Summary | ZeroBOX

hbfgjhhesfd.exe

Generic Malware .NET framework(MSIL) Malicious Library UPX Malicious Packer PE File PE32 .NET EXE
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 8, 2024, 4:57 p.m. Nov. 8, 2024, 5:04 p.m.
Size 288.5KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2b3a191ee1f6d3b21d03ee54aa40b604
SHA256 f0d45f8340cd203ee98c7765267175576d8017df5166f425f8a7483cb35a91c8
CRC32 29C74EAD
ssdeep 6144:k7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbken:alJtTF9zVGkllbkm
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

IP Address Status Action
164.124.101.2 Active Moloch
82.117.243.110 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 8.8.8.8:53 2054141 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 8.8.8.8:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 164.124.101.2:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53 2047702 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup Misc activity
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2036860 ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: SUCCESS: The scheduled task "Framework" has successfully been created.
console_handle: 0x00000007
1 1 0
domain api.ipify.org
domain ip-api.com
host 82.117.243.110
dead_host 82.117.243.110:5173
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Quasar.m!c
CAT-QuickHeal Backdoor.MsilFC.S6050939
Skyhigh BehavesLike.Win32.Generic.dh
Cylance Unsafe
VIPRE Gen:Heur.Ransom.Imps.3
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Heur.Ransom.Imps.3
K7GW Trojan ( 00562f821 )
K7AntiVirus Trojan ( 00562f821 )
Arcabit Trojan.Ransom.Imps.3
VirIT Backdoor.Win32.Quasar.AM
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Quasarrat
ESET-NOD32 a variant of MSIL/Spy.Agent.AES
APEX Malicious
Avast MSIL:Rat-B [Trj]
ClamAV Win.Trojan.Barys-1
Kaspersky HEUR:Backdoor.MSIL.Quasar.gen
Alibaba Backdoor:MSIL/Quasar.afbd63ce
NANO-Antivirus Trojan.Win32.PWS.edqjme
MicroWorld-eScan Gen:Heur.Ransom.Imps.3
Rising Backdoor.xRAT!1.E17E (CLASSIC)
Emsisoft Gen:Heur.Ransom.Imps.3 (B)
F-Secure Heuristic.HEUR/AGEN.1307329
DrWeb BackDoor.Quasar.1
Zillya Trojan.Agent.Win32.4005592
TrendMicro TSPY_TINCLEX.SM1
McAfeeD Real Protect-LS!2B3A191EE1F6
Trapmine suspicious.low.ml.score
CTX exe.trojan.msil
Sophos ATK/Zaquar-D
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.2b3a191ee1f6d3b2
Jiangmin Backdoor.MSIL.acwb
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1307329
Antiy-AVL Trojan[Spy]/Win32.Agent.foqx
Kingsoft malware.kb.c.1000
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Malware@#2thp9boc5ut0w
Microsoft Backdoor:MSIL/Quasar.GG!MTB
ZoneAlarm HEUR:Backdoor.MSIL.Quasar.gen
GData MSIL.Backdoor.Quasar.D
Varist W32/MSIL_Mintluks.A.gen!Eldorado
AhnLab-V3 Trojan/Win.Subti.R414075
McAfee GenericRXDY-OW!2B3A191EE1F6
TACHYON Trojan/W32.DN-Agent.295424.M
DeepInstinct MALICIOUS