Edit tour
Windows
Analysis Report
Week11.exe
Overview
General Information
Detection
GO Backdoor
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GO Backdoor
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Found Tor onion address
Detected TCP or UDP traffic on non-standard ports
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Classification
- System is w10x64
- Week11.exe (PID: 2172 cmdline:
"C:\Users\ user\Deskt op\Week11. exe" MD5: 4FBC4F26E90324C3B535943452460761)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GOBackdoor | Yara detected GO Backdoor | Joe Security |
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-11T17:57:30.483613+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.5 | 49716 | TCP |
2024-11-11T17:57:58.288467+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.5 | 57077 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-11T17:57:20.154104+0100 | 2855536 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 94.103.88.127 | 28670 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-11T17:57:49.549151+0100 | 2855537 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 94.103.88.127 | 28670 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-11T17:57:49.784386+0100 | 2855538 | 1 | A Network Trojan was detected | 94.103.88.127 | 28670 | 192.168.2.5 | 49709 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-11T17:57:20.153843+0100 | 2855539 | 1 | A Network Trojan was detected | 94.103.88.127 | 28670 | 192.168.2.5 | 49709 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | String found in binary or memory: |