Report - wL8P9unF.zip

ZIP Format
Created: 2023.03.22 10:44
Machine: s1_win7_x6402
Filename: wL8P9unF.zip
Type: Zip archive data, at least v2.0 to extract
AI Score: Not found
Behavior Score: 2.6
ZERO API file: clean
VT API (file): 4 detected (Archive, Bomb, Emotet, Sabsik, SwollenFile, CLASSIC)
md5: 1f5166dbb451fe00af869e50377e286d
sha256: 4e34d62f76eeca9106cabde22921b69e9bbd1ea0364b49ca141855ed2ca5b773
ssdeep: 12288:tkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4ded:mXzNdfKluvnRHthzfoYxJlC
imphash:
impfuzzy:
Network IP location:

Signature (3cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running)
watch Communicates with host for which no DNS query was performed
notice File has been identified by 4 AntiVirus engines on VirusTotal as malicious

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (12cnts) ?


Suricata ids
Similarity measure (PE file only) - Checking for service failure