Report - vbbnh.exe

RAT PWS .NET framework Generic Malware PE64 PE File

ScreenShot

Info
Location map


Created	2022.01.18 10:37	Machine	s1_win7_x6401
Filename	vbbnh.exe
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
AI Score	4	Behavior Score	3.2
ZERO API	file : malware
VT API (file)	41 detected (malicious, high confidence, Tedy, Artemis, BitCoinMiner, Save, Witch, Small, TrojanX, Siggen16, Static AI, Malicious PE, Unsafe, Score, mmuuq, Sabsik, ai score=88, R002H0DAF22, MSIL@AI, p1UqyBWMY+OvwZ, qmVOzcA, confidence)
md5	017f6137bb09d75043e4e11c378b8857
sha256	7364c7f19b20f1228b008b1cb6731afeafda3515c96c7f14b20a8bfe915f5b4e
ssdeep	3072:76cJv/k1CP4k8cJXGimEWlzgLa8KEWJ7Ox0H/BRwjpCKWYhrK21Jv8PUOMHGvg2/:BqwPhkYUax1Lb+M2yfyq
imphash
impfuzzy	3::

Network IP location

Signature (9cnts)

Level	Description
danger	File has been identified by 41 AntiVirus engines on VirusTotal as malicious
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Collects information to fingerprint the system (MachineGuid
info	One or more processes crashed
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
watch	Win32_Trojan_PWS_Net_1_Zero	Win32 Trojan PWS .NET Azorult	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)
info	Win_Backdoor_AsyncRAT_Zero	Win Backdoor AsyncRAT	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) is none

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure