Report - 645d8620ab56f.zip

ZIP Format
Created 2023.05.12 09:55
Machine s1_win7_x6402
Filename 645d8620ab56f.zip
Type Zip archive data, at least v2.0 to extract
AI Score Not found
Behavior Score 0.8
ZERO API file : clean
VT API (file)
md5 f273ad23fb6109a3d45643dc29084a86
sha256 7d08c204524028da771f3a050fdf63d38c5dbceaef82b3050d39a827095ff3b3
ssdeep 49152:6Q6J3WM202p5GutgAJuIxyxWCIZsS85PWZ5FvcBu:p89i7JDmWgzP+Uu
imphash
impfuzzy

Signature (2cnts)

| Level | Description |
| --- | --- |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |

Rules (1cnts)

| Level | Name | Description | Collection |
| --- | --- | --- | --- |
| info | zip_file_format | ZIP file format | binaries (upload) |

Network (6cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
| --- | --- | --- | --- | --- | --- |
| http://geo.netsupportsoftware.com/location/loca.asp | GB | British Telecommunications PLC | 62.172.138.67 | | clean |
| http://89.22.237.94:5222/http://89.22.237.94/fakeurl.htm | TR | M247 Ltd | 89.22.237.94 | | clean |
| geo.netsupportsoftware.com | GB | British Telecommunications PLC | 62.172.138.67 | | clean |
| blahadfurtik.com | TR | M247 Ltd | 89.22.237.94 | | malicious |
| 89.22.237.94 | TR | M247 Ltd | 89.22.237.94 | | malicious |
| 51.142.119.24 | GB | MICROSOFT-CORP-MSN-AS-BLOCK | 51.142.119.24 | | clean |

Suricata ids


