Summary | ZeroBOX

rektupp.exe

.NET framework(MSIL), Malicious Library, UPX, Malicious Packer, PE File, PE32, .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started Jan. 16, 2025, 1:25 p.m.
Completed Jan. 16, 2025, 1:27 p.m.
Size 348.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 43d1f9e4fd0356376bda350486b75335
SHA256 539da6b5b3b6974ab6003783ec1bee822e90f4732661818400239ffda7c62f91
CRC32 F3D83845
ssdeep 6144:d2NHXf500MwdHFPmtH42bp5EGISxBDz4myHfi:kd50GHFPHU5ESxBDcmy/i
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name           Response        Post-Analysis Lookup
ip-api.com     208.95.112.1

IP Address         Status    Action
164.124.101.2      Active    Moloch
208.95.112.1       Active    Moloch
217.195.197.192    Active    Moloch

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.103:64894 -> 164.124.101.2:53 | 2054141 | ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) | Device Retrieving External IP Address Detected
TCP 192.168.56.103:49163 -> 208.95.112.1:80 | 2036383 | ET MALWARE Common RAT Connectivity Check Observed | A Network Trojan was detected
TCP 192.168.56.103:49163 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

request GET http://ip-api.com/json/
domain ip-api.com
host 217.195.197.192
Bkav W32.AIDetectMalware.CS
CTX exe.unknown.msil
ALYac Generic.MSIL.PasswordStealerA.B1CF46B1
Cylance Unsafe
VIPRE Generic.MSIL.PasswordStealerA.B1CF46B1
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
K7GW Trojan ( 00521dab1 )
K7AntiVirus Trojan ( 00521dab1 )
VirIT Trojan.Win32.MSIL_Heur.B
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Quasarrat
ESET-NOD32 a variant of MSIL/Spy.Agent.AES
APEX Malicious
Avast MSIL:Rat-B [Trj]
ClamAV Win.Packed.Generic-9829635-0
Kaspersky Trojan.MSIL.Agent.foww
SUPERAntiSpyware Trojan.Agent/Gen-PasswordStealer
MicroWorld-eScan Generic.MSIL.PasswordStealerA.B1CF46B1
Rising Backdoor.xRAT!1.D01D (CLASSIC)
Emsisoft Trojan-Spy.Agent (A)
F-Secure Trojan:w32/QuasarRAT.A1
DrWeb Trojan.DownLoader27.59888
Zillya Trojan.Agent.Win32.1113105
TrendMicro TSPY_TINCLEX.SM1
McAfeeD Real Protect-LS!43D1F9E4FD03
Trapmine suspicious.low.ml.score
Sophos ATK/Zaquar-D
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Generic.ajfvk
Webroot W32.Malware.Gen
Google Detected
Avira HEUR/AGEN.1307329
Antiy-AVL Trojan[Spy]/Win32.Agent.foqx
Kingsoft malware.kb.c.1000
Arcabit Generic.MSIL.PasswordStealerA.B1CF46B1
Microsoft Backdoor:MSIL/Quasar.GG!MTB
Varist W32/MSIL_Mintluks.A.gen!Eldorado
AhnLab-V3 Trojan/Win32.Subti.R285137
VBA32 Trojan.MSIL.Quasar.Heur
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Ikarus Backdoor.QuasarRat
TrendMicro-HouseCall TSPY_TINCLEX.SM1
Tencent Trojan.Msil.Agent.zc
Yandex Trojan.Agent!B9mrC1C0DQg
huorong TrojanSpy/Agent.cq
Fortinet MSIL/Emotet.5C62!tr
AVG MSIL:Rat-B [Trj]
alibabacloud Backdoor:MSIL/Quasar.server