Summary | ZeroBOX

4.exe

Generic Malware UPX Malicious Packer ftp PE File PE32
Category FILE
Machine s1_win7_x6403_us
Started Nov. 24, 2024, 7:15 p.m.
Completed Nov. 24, 2024, 7:17 p.m.
Size 7.2MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 4cf7ec59209b42a0bc261c8cc4e70a48
SHA256 2e5e8a0087e49de9ba8df196bc71e3ac0d6c2ca6095ac3ff91205bd9d8eaf678
CRC32 A1411A6C
ssdeep 98304:pcuEoWQHAnRyKP6O2xxe5W42wWMlKL35:YRA0Z2OaMlW3
Yara
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52762 -> 8.8.8.8:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Domain home.sevkk17sr.top (description: Generic top level domain TLD)

API Calls

Time & API: GetAdaptersAddresses
Arguments: flags: 0, family: 0
Status: 1 Return: 0 Repeated: 0
Antivirus

Vendor Detection
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.LummaStealer.4!c
CAT-QuickHeal Trojan.Cryptbot
Skyhigh BehavesLike.Win32.Worm.wm
ALYac Gen:Variant.Zusy.564924
Cylance Unsafe
VIPRE Gen:Variant.Zusy.564924
Sangfor Spyware.Win32.Lummastealer.Vpvc
BitDefender Gen:Variant.Zusy.564924
K7GW Spyware ( 005bd4b71 )
K7AntiVirus Spyware ( 005bd4b71 )
Arcabit Trojan.Zusy.D89EBC
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.LummaStealer_AGen.X
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Alibaba TrojanSpy:Win32/LummaStealer_AGen.95d0dfab
MicroWorld-eScan Gen:Variant.Zusy.564924
Rising Spyware.LummaStealer!8.1A464 (CLOUD)
Emsisoft Gen:Variant.Zusy.564924 (B)
F-Secure Trojan.TR/Redcap.gerax
TrendMicro Trojan.Win32.AMADEY.YXEKWZ
McAfeeD ti!2E5E8A0087E4
CTX exe.trojan.lummastealer
Sophos Mal/Generic-S
FireEye Gen:Variant.Zusy.564924
Google Detected
Avira TR/Redcap.gerax
Antiy-AVL GrayWare/Win32.Wacapew
Gridinsoft Ransom.Win32.STOP.sa
Xcitium Malware@#3464c2brff3pi
Microsoft Trojan:Win32/CryptBot.AN!MTB
GData Win32.Trojan.PSE.11NVU5L
Varist W32/LummaStealer.C.gen!Eldorado
AhnLab-V3 Malware/Win.Generic.C5685959
McAfee Artemis!4CF7EC59209B
DeepInstinct MALICIOUS
VBA32 TrojanRansom.Stop
Malwarebytes Floxif.Virus.FileInfector.DDS
Ikarus Trojan-Spy.Zbot
Panda Trj/Genetic.gen
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXEKWZ
huorong TrojanSpy/LummaStealer.z
Fortinet W32/GenericKD.74371128!tr
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan[spy]:Win/LummaStealer_AGen.X