ScreenShot
Created | 2024.01.25 08:56 | Machine | s1_win7_x6403 |
Filename | bin.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 53 detected (AIDetectMalware, Formbook, Windows, Diceloader, Malicious, score, GenericPMF, S31790698, GenericRXCD, unsafe, Lazy, Save, ccmw, CLASSIC, ZPACK, Siggen9, SMYXDDE, Detected, ai score=81, 100IPS, Eldorado, X2185, BScope, TrojanPSW, Mqil, Static AI, Malicious PE, susgen, GenKryptik, AYEB, confidence, 100%) | ||
md5 | d36b9ed936c51fc667d67cb5fa419a94 | ||
sha256 | 74af268a3cc5fe46f85426eb5896ecd93384185bbd2df9274363166308921460 | ||
ssdeep | 3072:XrNO0kCgRx0pGY3RdK52rOlwFhhVD+joLtVzLP6WFB2v:NgVWRA4rOlwFh5r+2B2v | ||
imphash | |||
impfuzzy | 3:: |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Resolves a suspicious Top Level Domain (TLD) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | win_formbook_auto | Detects win.formbook. | binaries (upload) |
danger | win_formbook_w0 | (no description) | binaries (upload) |
danger | Win_Trojan_Formbook_Zero | Used Formbook | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (13cnts) ?
Suricata ids
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .TOP Domain with Minimal Headers
ET INFO HTTP Request to a *.top domain
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .TOP Domain with Minimal Headers
PE API
IAT(Import Address Table) is none
EAT(Export Address Table) is none
EAT(Export Address Table) is none