Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 7, 2025, 3:42 p.m.	Jan. 7, 2025, 3:44 p.m.

Size	43.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`587b41a4b882a71a5e8e1ed72f9514a1`
SHA256	`4160cb40509ff8d695b3a0c5f05fe83ab0b713036aa864504af1050b9253ad48`
CRC32	`028AD616`
ssdeep	`384:TZyGRFAJ2HytDU6jDgwMMzio8qpuu9D9O5UE5QzwBlpJNakkjh/TzF7pWnDmgre/:d32oStgI0Y+zq8vQO+au+L`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
run-motherboard.gl.at.ply.gg		147.185.221.17

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53673 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53673 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64178 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64178 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64178 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64178 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64178 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64178 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64178 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53658 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53658 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53673 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53673 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53658 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53658 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53658 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53658 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53673 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53673 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53658 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53658 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53673 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:53658 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:53658 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64894 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:56613 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:56613 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:56613 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64530 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64530 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64530 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64530 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64530 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64530 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:62576 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:62576 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:62576 -> 164.124.101.2:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 164.124.101.2:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:64530 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2044590	ET INFO playit .gg Tunneling Domain in DNS Lookup	Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 8.8.8.8:53	2054989	ET INFO Tunneling Service in DNS Lookup (* .ply .gg)	Misc activity

Suricata TLS

No Suricata TLS

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Bladabindi.4!c
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
Skyhigh	BehavesLike.Win32.Trojan.pm
ALYac	Generic.Malware.SLcbg.E4F6B9B4
Cylance	Unsafe
VIPRE	Generic.Malware.SLcbg.E4F6B9B4
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Malware.SLcbg.E4F6B9B4
K7GW	Trojan ( 700000121 )
K7AntiVirus	Trojan ( 700000121 )
Arcabit	Generic.Malware.SLcbg.E4F6B9B4
VirIT	Trojan.Win32.Dnldr23.CWNS
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.Njrat
ESET-NOD32	a variant of MSIL/Bladabindi.BB
APEX	Malicious
Avast	Win32:BackDoor-AFW [Trj]
ClamAV	Win.Packed.Msilperseus-9220094-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:MSIL/Bladabindi.70a94920
MicroWorld-eScan	Generic.Malware.SLcbg.E4F6B9B4
Rising	Backdoor.njRAT!1.C5D1 (CLASSIC)
Emsisoft	Trojan.Bladabindi (A)
F-Secure	Trojan:W32/njRAT.B
DrWeb	Trojan.DownLoader24.916
Zillya	Trojan.Bladabindi.Win32.84476
McAfeeD	Real Protect-LS!587B41A4B882
Trapmine	malicious.high.ml.score
CTX	exe.trojan.bladabindi
Sophos	Troj/Bladabi-DR
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.587b41a4b882a71a
Jiangmin	Trojan.Generic.arrkp
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Dropper.Gen7
Antiy-AVL	Trojan[Backdoor]/MSIL.Bladabindi
Kingsoft	malware.kb.c.1000
Gridinsoft	Trojan.Win32.NjRat.tr
Xcitium	TrojWare.MSIL.Bladabindi.CC@7ebfqa
Microsoft	Trojan:MSIL/Bladabindi.OE!MTB
ViRobot	Trojan.Win.Z.Bladabindi.44032.EJB
GData	MSIL.Backdoor.Bladabindi.BV
Varist	W32/MSIL_Bladabindi.A.gen!Eldorado
AhnLab-V3	Win-Trojan/NjRAT04.Exp
McAfee	Trojan-FUTJ!587B41A4B882
DeepInstinct	MALICIOUS
VBA32	Trojan.MSIL.Bladabindi.Heur

sela.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All