Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 19, 2025, 11:13 a.m.	March 19, 2025, 11:15 a.m.

Size	486.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`31cc89253cdf5932f2230949156e6e8e`
SHA256	`4deec3644eb9b38695579cd49eed7628d750d49b8c3ea59ce3e4989a823813bf`
CRC32	`CC9A2058`
ssdeep	`6144:pIlSCa0RPvRz+n8Qr1D0ZGESuHabmvHOE4mCp6qtydBnP+Y4+3sAORZGFX3Xc6RJ:p200OFp+G0imvHn3Cp6qyBP+YdsvZGz`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature infoStealer_browser_b_Zero - browser info stealer Malicious_Packer_Zero - Malicious Packer Network_Downloader - File Downloader IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

frutas.exe "C:\Users\test22\AppData\Local\Temp\frutas.exe"
1476

Name	Response	Post-Analysis Lookup
computador12.ddns-ip.net	A 191.88.252.140	191.88.252.140

IP Address	Status	Action
164.124.101.2	Active	Moloch
191.88.252.140	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A process attempted to delay the analysis task. (1 event)

description

frutas.exe tried to sleep 355 seconds, actually delayed analysis time by 355 seconds

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExA March 19, 2025, 11:13 a.m.	thread_identifier: 0 callback_function: 0x00409d0a hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00400000	1	66001	0

Generates some ICMP traffic

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

191.88.252.140:30204

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Remcos.gh
ALYac	Generic.Dacic.A9349469.A.5F1ACF54
Cylance	Unsafe
VIPRE	Generic.Dacic.A9349469.A.5F1ACF54
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
BitDefender	Generic.Dacic.A9349469.A.5F1ACF54
K7GW	Trojan ( 0053ac2c1 )
K7AntiVirus	Trojan ( 0053ac2c1 )
Arcabit	Generic.Dacic.A9349469.A.5F1ACF54
VirIT	Trojan.Win32.Remcos.DFP
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.Remcos
ESET-NOD32	a variant of Win32/Rescoms.B
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
ClamAV	Win.Trojan.Remcos-9841897-0
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
NANO-Antivirus	Trojan.Win32.Remcos.kvsovm
MicroWorld-eScan	Generic.Dacic.A9349469.A.5F1ACF54
Rising	Backdoor.Remcos!1.BAC7 (CLASSIC)
Emsisoft	Generic.Dacic.A9349469.A.5F1ACF54 (B)
F-Secure	Backdoor.BDS/Backdoor.Gen
DrWeb	BackDoor.Remcos.491
Zillya	Trojan.Rescoms.Win32.2189
McAfeeD	Real Protect-LS!31CC89253CDF
CTX	exe.unknown.dacic
Sophos	Mal/Remcos-B
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.31cc89253cdf5932
Webroot	Win.Backdoor.Remcos
Google	Detected
Avira	BDS/Backdoor.Gen
Antiy-AVL	Trojan[Backdoor]/Win32.Remcos
Kingsoft	malware.kb.a.1000
Microsoft	Backdoor:Win32/Remcos.GA!MTB
ZoneAlarm	Mal/Remcos-B
GData	Generic.Dacic.A9349469.A.5F1ACF54
Varist	W32/Agent.JUB.gen!Eldorado
AhnLab-V3	Backdoor/Win.Remcos.R693720
DeepInstinct	MALICIOUS
VBA32	Backdoor.RmRAT
Malwarebytes	Backdoor.Remcos
Ikarus	Trojan.Win32.Remcos
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Trojan.Win32.VSX.PE04C9V
Tencent	Trojan.Win32.Remcos.16001234
Yandex	Trojan.Rescoms!0xdHUw5uf6o

frutas.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All