popup

Report - re.exe

Generic Malware PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.08.07 08:59 Machine s1_win7_x6401
Filename re.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score
5
 Behavior Score
2.2
ZERO API file : malware
VT API (file)
md5 42ac2bba9af99081defe93ce797a3412
sha256 d4163f1179d58f842ba3b9cd28cd315de031669b93d87111c40fbc13167e42ab
ssdeep 768:+IR0tFOAQJfLWMQyvh5+kI25cBvgpYybW8vK9/vdKircuudDTt1WfpMVKk5hqM1Q:jGFiQyr6rPhvdKbtDj57gbOsRBFr
imphash
impfuzzy 3::
  Network IP location

Signature (5cnts)

Level Description
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method

Rules (3cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://157.245.47.66/test.txt
whois
GB DIGITALOCEAN-ASN 157.245.47.66 clean
https://157.245.47.66/funny_cat.gif
whois
GB DIGITALOCEAN-ASN 157.245.47.66 clean
157.245.47.66
whois
GB DIGITALOCEAN-ASN 157.245.47.66 malware

Suricata ids

ET ATTACK_RESPONSE Havoc/Sliver Framework TLS Certificate Observed

Similarity measure (PE file only) - Checking for service failure