Report - Pikabot_pw_H17.zip

ZIP Format
Created 2023.11.10 10:06 Machine s1_win7_x6402
Filename Pikabot_pw_H17.zip
Type Zip archive data, at least v2.0 to extract
AI Score: Not found
Behavior Score: 1.4
ZERO API (file): clean
VT API (file)
md5 1e64f3868dc8dc63eea055b19f2a73d1
sha256 a71cef0ad51fbc6ba884bfafe81caf4b96e0d9f269259a6ff1984256e7c7682a
ssdeep 6144:NM/+Y9PN/lpfuLPhbAy7EyHmFVYCRzGgQSH3kwatoupVNGY:G9PdOpbAylcVNRzFx3kBRTh
imphash (not applicable: the sample is a ZIP archive, not a PE file)
impfuzzy (not applicable: the sample is a ZIP archive, not a PE file)
  Network IP location

Signature (3cnts)

Level Description
watch Communicates with host for which no DNS query was performed
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (5cnts)

Request                                                                 CC  ASN org              IPv4            Rule  ZERO
http://49.13.31.229/tC1n0/insup                                         DE  Hetzner Online GmbH  49.13.31.229          malicious
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt   US  AMAZON-AES           3.213.199.135         clean
www.ssl.com                                                             US  AMAZON-AES           3.213.199.135         clean
49.13.31.229                                                            DE  Hetzner Online GmbH  49.13.31.229          malicious
3.209.197.161                                                           US  AMAZON-AES           3.209.197.161         clean

Suricata ids


