popup

Report - tndv.zip

ZIP Format
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.06.20 17:59 Machine s1_win7_x6402
Filename tndv.zip
Type Zip archive data, at least v2.0 to extract
AI Score Not founds Behavior Score
1.4
ZERO API file : malware
VT API (file) 18 detected (NetSup, RemoteAdmin, Tool, EQYN, NetSupportManager, Rimw, GenCBL, Artemis, Archive, FW3MVG, Detected, HackTool, NetSupport, CLASSIC, myez5VmqQPE, susgen)
md5 83b338082fc994430cd4c0c27077f1c9
sha256 d15938851d2b1340c537fe0e08dd6fac4255440fd361ef3599a1a490f3dea139
ssdeep 49152:HZjQXorDcQhg7dMnEBJCgkh3V/4msgNbbZnN7p4lVG5PWZ5FvcBQ:HqWg7OEB1kh3VuGZp4bIP+UQ
imphash
impfuzzy
  Network IP location

Signature (3cnts)

Level Description
watch File has been identified by 18 AntiVirus engines on VirusTotal as malicious
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (6cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://geo.netsupportsoftware.com/location/loca.asp
whois
GB British Telecommunications PLC 62.172.138.8 clean
http://209.250.244.251:1212/http://209.250.244.251/fakeurl.htm
whois
NL AS-CHOOPA 209.250.244.251 clean
geo.netsupportsoftware.com
whois
GB British Telecommunications PLC 62.172.138.8 clean
securiji1.com
whois
NL AS-CHOOPA 209.250.244.251 clean
62.172.138.8
whois
GB British Telecommunications PLC 62.172.138.8 clean
209.250.244.251
whois
NL AS-CHOOPA 209.250.244.251 clean

Suricata ids

ET POLICY NetSupport GeoLocation Lookup Request
ET INFO NetSupport Remote Admin Checkin
ET INFO NetSupport Remote Admin Response

Similarity measure (PE file only) - Checking for service failure