popup

Report - ebd.zip

DarkGate ZIP Format
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.10.11 11:18 Machine s1_win7_x6402
Filename ebd.zip
Type Zip archive data, at least v2.0 to extract
AI Score Not founds Behavior Score
1.4
ZERO API file : clean
VT API (file)
md5 6e1bfdcf1577db9886dd1440808ed4f2
sha256 c3590bcfae6af3c0df14afb04c219ecbbfd831b341ece916448c20f6d9f1344c
ssdeep 192:nUgiUtnSpDRwA88BIoHkhe2OXH4KmJrWo2XWwqbUrWMT+nu:n/tk2A88aoKCIS5mMT+nu
imphash
impfuzzy
  Network IP location

Signature (2cnts)

Level Description
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
notice Performs some HTTP requests

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (9cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://secure.globalsign.com/cacert/codesigningrootr45.crt
whois
US CLOUDFLARENET 104.18.20.226 clean
http://prestige-castom.com:2351/
whois
Unknown 162.33.179.65 37159 mailcious
http://prestige-castom.com:2351/msirzgnzamg
whois
Unknown 162.33.179.65 37159 mailcious
http://prestige-castom.com:2351/gqcsfd
whois
Unknown 162.33.179.65 37159 mailcious
secure.globalsign.com
whois
US CLOUDFLARENET 104.18.21.226 clean
vintagecarsforlife.com
whois
Unknown 162.33.179.65 clean
prestige-castom.com
whois
Unknown 162.33.179.65 mailcious
162.33.179.65
whois
Unknown 162.33.179.65 mailcious
104.18.20.226
whois
US CLOUDFLARENET 104.18.20.226 clean

Suricata ids

ET POLICY curl User-Agent Outbound
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP

Similarity measure (PE file only) - Checking for service failure