ScreenShot
| Created | 2023.09.16 14:16 | Machine | s1_win7_x6402 |
| Filename | Banana.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 47 detected (AIDetectMalware, GenericKDZ, malicious, ZexaF, iuW@a40dE@oi, Genus, Eldorado, Attribute, HighConfidence, high confidence, score, Stealerc, TrojanX, moderate, Mystic, ai score=80, Midie, Sabsik, 9TLXQ0, Detected, R600981, BScope, TrojanPSW, unsafe, GdSda, Generic@AI, RDMK, vOsN7+paqE, xxP1j6lrJJw, J3iOUFWmjAo, susgen, Kryptik, confidence) | ||
| md5 | ab01a5c6d7bd2e1c03a532e1ccd03358 | ||
| sha256 | 2c6cce4c2f5838ce81a5000355a0401ca709b1edd662f580cd6e1d42988fdfc6 | ||
| ssdeep | 3072:B9rwPGiSipIi3j9Dh0CxZogdNr1JUhPUQP4SLRm8Z4PqjzCp:/5iSQ10gHePxzCp | ||
| imphash | 7a83bc8f14d32c8af61627070a00e36a | ||
| impfuzzy | 24:uYOjjmS1jtubJnc+pl3eDo/CZouCSOovbO9ZivFGMC:FS1jtulc+ppmZ83A2 | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
| notice | Sends data using the HTTP POST Method |
| notice | Steals private information from local Internet browsers |
| info | Checks amount of memory in system |
Rules (13cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | infoStealer_browser_b_Zero | browser info stealer | binaries (download) |
| watch | ASPack_Zero | ASPack packed file | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41c000 WriteFile
0x41c004 GetLastError
0x41c008 VirtualFree
0x41c00c VirtualAlloc
0x41c010 WaitForSingleObject
0x41c014 CloseHandle
0x41c018 CreateThread
0x41c01c WriteConsoleW
0x41c020 QueryPerformanceCounter
0x41c024 GetCurrentProcessId
0x41c028 GetCurrentThreadId
0x41c02c GetSystemTimeAsFileTime
0x41c030 InitializeSListHead
0x41c034 IsDebuggerPresent
0x41c038 UnhandledExceptionFilter
0x41c03c SetUnhandledExceptionFilter
0x41c040 GetStartupInfoW
0x41c044 IsProcessorFeaturePresent
0x41c048 GetModuleHandleW
0x41c04c GetCurrentProcess
0x41c050 TerminateProcess
0x41c054 RtlUnwind
0x41c058 SetLastError
0x41c05c EnterCriticalSection
0x41c060 LeaveCriticalSection
0x41c064 DeleteCriticalSection
0x41c068 InitializeCriticalSectionAndSpinCount
0x41c06c TlsAlloc
0x41c070 TlsGetValue
0x41c074 TlsSetValue
0x41c078 TlsFree
0x41c07c FreeLibrary
0x41c080 GetProcAddress
0x41c084 LoadLibraryExW
0x41c088 EncodePointer
0x41c08c RaiseException
0x41c090 GetStdHandle
0x41c094 GetModuleFileNameW
0x41c098 ExitProcess
0x41c09c GetModuleHandleExW
0x41c0a0 HeapFree
0x41c0a4 HeapAlloc
0x41c0a8 HeapReAlloc
0x41c0ac LCMapStringW
0x41c0b0 FindClose
0x41c0b4 FindFirstFileExW
0x41c0b8 FindNextFileW
0x41c0bc IsValidCodePage
0x41c0c0 GetACP
0x41c0c4 GetOEMCP
0x41c0c8 GetCPInfo
0x41c0cc GetCommandLineA
0x41c0d0 GetCommandLineW
0x41c0d4 MultiByteToWideChar
0x41c0d8 WideCharToMultiByte
0x41c0dc GetEnvironmentStringsW
0x41c0e0 FreeEnvironmentStringsW
0x41c0e4 SetStdHandle
0x41c0e8 GetFileType
0x41c0ec GetStringTypeW
0x41c0f0 GetProcessHeap
0x41c0f4 HeapSize
0x41c0f8 FlushFileBuffers
0x41c0fc GetConsoleOutputCP
0x41c100 GetConsoleMode
0x41c104 SetFilePointerEx
0x41c108 CreateFileW
0x41c10c DecodePointer
EAT(Export Address Table) is none
KERNEL32.dll
0x41c000 WriteFile
0x41c004 GetLastError
0x41c008 VirtualFree
0x41c00c VirtualAlloc
0x41c010 WaitForSingleObject
0x41c014 CloseHandle
0x41c018 CreateThread
0x41c01c WriteConsoleW
0x41c020 QueryPerformanceCounter
0x41c024 GetCurrentProcessId
0x41c028 GetCurrentThreadId
0x41c02c GetSystemTimeAsFileTime
0x41c030 InitializeSListHead
0x41c034 IsDebuggerPresent
0x41c038 UnhandledExceptionFilter
0x41c03c SetUnhandledExceptionFilter
0x41c040 GetStartupInfoW
0x41c044 IsProcessorFeaturePresent
0x41c048 GetModuleHandleW
0x41c04c GetCurrentProcess
0x41c050 TerminateProcess
0x41c054 RtlUnwind
0x41c058 SetLastError
0x41c05c EnterCriticalSection
0x41c060 LeaveCriticalSection
0x41c064 DeleteCriticalSection
0x41c068 InitializeCriticalSectionAndSpinCount
0x41c06c TlsAlloc
0x41c070 TlsGetValue
0x41c074 TlsSetValue
0x41c078 TlsFree
0x41c07c FreeLibrary
0x41c080 GetProcAddress
0x41c084 LoadLibraryExW
0x41c088 EncodePointer
0x41c08c RaiseException
0x41c090 GetStdHandle
0x41c094 GetModuleFileNameW
0x41c098 ExitProcess
0x41c09c GetModuleHandleExW
0x41c0a0 HeapFree
0x41c0a4 HeapAlloc
0x41c0a8 HeapReAlloc
0x41c0ac LCMapStringW
0x41c0b0 FindClose
0x41c0b4 FindFirstFileExW
0x41c0b8 FindNextFileW
0x41c0bc IsValidCodePage
0x41c0c0 GetACP
0x41c0c4 GetOEMCP
0x41c0c8 GetCPInfo
0x41c0cc GetCommandLineA
0x41c0d0 GetCommandLineW
0x41c0d4 MultiByteToWideChar
0x41c0d8 WideCharToMultiByte
0x41c0dc GetEnvironmentStringsW
0x41c0e0 FreeEnvironmentStringsW
0x41c0e4 SetStdHandle
0x41c0e8 GetFileType
0x41c0ec GetStringTypeW
0x41c0f0 GetProcessHeap
0x41c0f4 HeapSize
0x41c0f8 FlushFileBuffers
0x41c0fc GetConsoleOutputCP
0x41c100 GetConsoleMode
0x41c104 SetFilePointerEx
0x41c108 CreateFileW
0x41c10c DecodePointer
EAT(Export Address Table) is none