Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | March 30, 2021, 10:47 a.m. | March 30, 2021, 10:57 a.m. |
Process | Command line | PID |
---|---|---|
md4_4igk.exe | "C:\Users\test22\AppData\Local\Temp\md4_4igk.exe" | 8768 |
Name | Response | Post-Analysis Lookup |
---|---|---|
iplogger.org | 88.99.66.31 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49808 -> 88.99.66.31:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49808 -> 88.99.66.31:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
resource name | AFX_DIALOG_LAYOUT |
suspicious_features | Connection to IP address |
suspicious_request | GET http://101.36.107.74/seemorebty/il.php?e=md4_4igk |
request | GET http://101.36.107.74/seemorebty/il.php?e=md4_4igk |
request | GET https://iplogger.org/Zn4V3 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies |
Name | Language | Sublanguage | Filetype | Offset | Size |
---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x0013b438 | 0x00000002 |
RT_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0x0019c010 | 0x00007cb1 |
RT_DIALOG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x0013b3a0 | 0x00000094 |
RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data | 0x001a3cc8 | 0x000000bc |
section | UPX1 (virtual_address 0x000ec000, virtual_size 0x0008b000, size_of_data 0x0008a400, entropy 7.9290103118276525) | entropy | 7.92901031183 | description | A section with a high entropy has been found |
entropy | 0.753919563736 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX |
section | UPX1 | description | Section name indicates UPX |
Host |
---|
101.36.107.74 |
172.217.25.14 |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware1 |
DrWeb | Trojan.DownLoader38.7231 |
MicroWorld-eScan | Trojan.GenericKD.45966118 |
FireEye | Generic.mg.ef80e35e5a0f4c12 |
CAT-QuickHeal | Trojan.Multi |
ALYac | Trojan.GenericKD.45966118 |
Cylance | Unsafe |
K7AntiVirus | Password-Stealer ( 0055912f1 ) |
Alibaba | TrojanBanker:Win32/Passteal.af7de133 |
K7GW | Password-Stealer ( 0055912f1 ) |
Cybereason | malicious.0d7675 |
Arcabit | Trojan.Generic.D2BD6326 |
BitDefenderTheta | Gen:NN.ZexaF.34628.TmGfaC0z7oeb |
Cyren | W32/AdAgent.BB.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/PSW.Agent.OHG |
APEX | Malicious |
Avast | Win32:Trojan-gen |
Kaspersky | Trojan-Banker.Win32.Passteal.hj |
BitDefender | Trojan.GenericKD.45966118 |
NANO-Antivirus | Trojan.Win32.Dwn.iquala |
Paloalto | generic.ml |
Ad-Aware | Trojan.GenericKD.45966118 |
Emsisoft | Trojan.GenericKD.45966118 (B) |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_GEN.R002C0PCO21 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.bc |
Sophos | Mal/Generic-S |
Ikarus | Trojan-PSW.Agent |
Jiangmin | Trojan.Banker.Passteal.bb |
eGambit | Unsafe.AI_Score_99% |
Avira | TR/PSW.Agent.owqft |
Kingsoft | Win32.Troj.Banker.(kcloud) |
Gridinsoft | Trojan.Win32.Agent.vb |
Microsoft | Trojan:Win32/Ymacco.AA5B |
AegisLab | Trojan.Multi.Generic.4!c |
GData | Trojan.GenericKD.45966118 |
Cynet | Malicious (score: 100) |
McAfee | Artemis!EF80E35E5A0F |
MAX | malware (ai score=82) |
VBA32 | BScope.Trojan.CryptInject |
Malwarebytes | Trojan.Crypt |
TrendMicro-HouseCall | TROJ_GEN.R002H0CCM21 |
Rising | Stealer.FBAdsCard!1.CE06 (CLOUD) |
Fortinet | W32/Agent.OHG!tr |
Webroot | W32.Trojan.Gen |
AVG | Win32:Trojan-gen |
Panda | Trj/GdSda.A |
CrowdStrike | win/malicious_confidence_90% (W) |
Qihoo-360 | Win32/Trojan.Generic.HgIASRQA |