ScreenShot
| Created | 2023.03.10 11:53 | Machine | s1_win7_x6402 |
| Filename | Ndi8RJtM5xSosyq.zip | ||
| Type | Zip archive data, at least v2.0 to extract | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | |||
| md5 | 542f53c1fd9de5d3423b7a8a22f6d9bf | ||
| sha256 | 44c7289a2719901900af988f7cb44562cfa62da377723831a47a92c1fda68c19 | ||
| ssdeep | 6144:Jk1WVsDd6uJEO6MwHp61v06+RdQ3hU9lX5JN+Y7Q5axi:Jk1csDd6eEO6nHUssQX5CwQ5ag | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| warning | Generates some ICMP traffic |
| watch | Communicates with host for which no DNS query was performed |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | zip_file_format | ZIP file format | binaries (upload) |
Suricata ids
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 7
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 7
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 1