ScreenShot
| Created | 2023.03.15 13:21 | Machine | s1_win7_x6402 |
| Filename | aEYnbsDbnQ.zip | ||
| Type | Zip archive data, at least v2.0 to extract | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | f4bc186107b74715370913c7c37e3e40 | ||
| sha256 | 82bee343d8db5ae070fe3bf67415182dffc032e03f630be94c5270e34419caaf | ||
| ssdeep | 6144:yaLTjsQeEcXqm56bKEY2093cbZStVHCWoR91NMd4TDy1:HLcQjc6qseWZSthCW09W4q | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | zip_file_format | ZIP file format | binaries (upload) |
Network (6cnts) ?
Suricata ids
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 11
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 11
ET CNC Feodo Tracker Reported CnC Server group 8