Report - 6477e8cb9c716.zip

ZIP Format
Created 2023.06.01 09:54 Machine s1_win7_x6402
Filename 6477e8cb9c716.zip
Type Zip archive data, at least v2.0 to extract
AI Score Not found Behavior Score 0.8
ZERO API file : clean
VT API (file)
md5 faace9f6881e329d12abcb306512fbcd
sha256 21b25b8f09bca95d3f73a52c08faa9b728160d8d4943a59f82ce428f6e0399d9
ssdeep 49152:1Q6J3WM202p5GutgAJuIxyxWCIZnS85PWZ5FvcBW:e89i7JDmWjzP+UW
imphash
impfuzzy

Signature (2cnts)

Level Description
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (6cnts)

Request CC ASN Co IP4 Rule ZERO
http://geo.netsupportsoftware.com/location/loca.asp GB MICROSOFT-CORP-MSN-AS-BLOCK 51.142.119.24 clean
http://91.215.85.180:5222/http://91.215.85.180/fakeurl.htm RU Petersburg Internet Network ltd. 91.215.85.180 clean
geo.netsupportsoftware.com GB MICROSOFT-CORP-MSN-AS-BLOCK 51.142.119.24 clean
balibumba1.com RU Petersburg Internet Network ltd. 91.215.85.180 malicious
51.142.119.24 GB MICROSOFT-CORP-MSN-AS-BLOCK 51.142.119.24 clean
91.215.85.180 RU Petersburg Internet Network ltd. 91.215.85.180 malicious
