Summary | ZeroBOX

evetbeta.exe

Tags: Browser Login Data Stealer, Malicious Library, Downloader, UPX, Malicious Packer, PE File, PE32

Category   Machine         Started                    Completed
FILE       s1_win7_x6401   Dec. 19, 2024, 8:42 a.m.   Dec. 19, 2024, 8:44 a.m.

Size     92.0KB
Type     PE32 executable (GUI) Intel 80386, for MS Windows
MD5      6f6137e6f85dc8dac7ff87ca4c86af4c
SHA256   a370eacabf4af9caa5502c39b40c95eda6be23666231e24da1b56277a222f3e9
CRC32    A9469C85
ssdeep   1536:ohhW0YTGZWdVseJxaM9kraLdV2QkQ1TbPX8IHOCkIsI4ESHNTh9E+JP19qkP60rq:uhzYTGWVvJ8f2v1TbPzuMsIFSHNThy+O
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Network_Downloader - File Downloader
  • infoStealer_browser_b_Zero - browser info stealer
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Domains
Name              Response     Post-Analysis Lookup
tr3.localto.net   5.75.234.8

Hosts
IP Address      Status   Action
164.124.101.2   Active   Moloch
5.75.234.8      Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API          Arguments                                                        Status   Return   Repeated
IsDebuggerPresent   (none)                                                           0 0

Time & API          Arguments                                                        Status   Return   Repeated
WriteConsoleA       buffer: * REMCOS v1.7 Pro * Breaking-Security.Net                1        1        0
                    console_handle: 0x0000000f
WriteConsoleA       buffer: 09:42:28:984 [INFO] Initializing connection to C&C...    1        1        0
                    console_handle: 0x0000000f
Packer   Armadillo v1.71

Antivirus Results
Vendor             Detection
Bkav               W32.AIDetectMalware
Lionic             Trojan.Win32.Remcos.4!c
Cynet              Malicious (score: 100)
CAT-QuickHeal      Trojan.Mauvaise.SL1
Skyhigh            BehavesLike.Win32.Remcos.nh
ALYac              Trojan.Inject.BDT
Cylance            Unsafe
VIPRE              Trojan.Inject.BDT
Sangfor            Backdoor.Win32.Rescoms.V3or
CrowdStrike        win/malicious_confidence_100% (W)
BitDefender        Trojan.Inject.BDT
K7GW               Trojan ( 004f67651 )
K7AntiVirus        Trojan ( 004f67651 )
Arcabit            Trojan.Inject.BDT
VirIT              Trojan.Win32.Rescom.HZS
Symantec           Infostealer!im
Elastic            Windows.Generic.Threat
ESET-NOD32         Win32/Agent.RXL
APEX               Malicious
Avast              Win32:RemcosRAT-A [Trj]
ClamAV             Win.Malware.Azden-7587127-0
Kaspersky          HEUR:Trojan.Win32.Generic
Alibaba            Backdoor:Win32/Rescoms.32f
NANO-Antivirus     Trojan.Win32.AD.erfeyu
SUPERAntiSpyware   Backdoor.Remcos/Variant
MicroWorld-eScan   Trojan.Inject.BDT
Rising             Backdoor.Remcos!1.B4AD (CLASSIC)
Emsisoft           Trojan.Agent (A)
F-Secure           Heuristic.HEUR/AGEN.1341432
DrWeb              Trojan.DownLoader23.42497
Zillya             Trojan.Agent.Win32.742092
TrendMicro         BKDR_SOCMER.SM
McAfeeD            Real Protect-LS!6F6137E6F85D
Trapmine           malicious.high.ml.score
CTX                exe.trojan.remcos
Sophos             Troj/Remcos-DI
SentinelOne        Static AI - Malicious PE
FireEye            Generic.mg.6f6137e6f85dc8da
Jiangmin           Trojan.Generic.bgmwv
Webroot            W32.Malware.gen
Google             Detected
Avira              HEUR/AGEN.1341432
Antiy-AVL          Trojan[Backdoor]/Win32.Rescoms
Kingsoft           malware.kb.a.1000
Gridinsoft         Trojan.Win32.Remcos.tr
Xcitium            TrojWare.Win32.Rescoms.A@70v67g
Microsoft          Backdoor:Win32/Rescoms!pz
ViRobot            Trojan.Win32.Agent.94208.EA
GData              Win32.Backdoor.Remcos.B
Varist             W32/Injector.AKNB-1880
Dead Hosts
dead_host   192.168.56.101:49181
dead_host   192.168.56.101:49180
dead_host   192.168.56.101:49161
dead_host   192.168.56.101:49171
dead_host   5.75.234.8:40505
dead_host   192.168.56.101:49167
dead_host   192.168.56.101:49169
dead_host   192.168.56.101:49166
dead_host   192.168.56.101:49179
dead_host   192.168.56.101:49168
dead_host   192.168.56.101:49165
dead_host   192.168.56.101:49178
dead_host   192.168.56.101:49175
dead_host   192.168.56.101:49164
dead_host   192.168.56.101:49177
dead_host   192.168.56.101:49174
dead_host   192.168.56.101:49176
dead_host   192.168.56.101:49173
dead_host   192.168.56.101:49182