Windows
Analysis Report
rZqmN4mRco.ps1
Overview
General Information
Sample name: | rZqmN4mRco.ps1renamed because original name is a hash value |
Original sample name: | 802c0cc4f3d35ffedec258400ce9f0c4b2d884db30a974e0fd6b72ffdff73fed.ps1 |
Analysis ID: | 1601199 |
MD5: | c243c751841d3cce8b6d14ecd48703b7 |
SHA1: | 145913260586b946f0e858635c6255b073531b71 |
SHA256: | 802c0cc4f3d35ffedec258400ce9f0c4b2d884db30a974e0fd6b72ffdff73fed |
Tags: | 176-113-115-225bookingps1user-JAMESWT_MHT |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
powershell.exe (PID: 7728 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" -noLogo -E xecutionPo licy unres tricted -f ile "C:\Us ers\user\D esktop\rZq mN4mRco.ps 1" MD5: 04029E121A0CFA5991749937DD22A1D9) conhost.exe (PID: 7736 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) RegSvcs.exe (PID: 7948 cmdline:
"C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\Reg Svcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | No Attribution |
{
"C2 url": [
"176.113.115.225"
],
"Port": 4444,
"Aes key": "P0WER",
"SPL": "<Xwormmm>",
"Install file": "USB.exe"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
Click to see the 6 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
| |
JoeSecurity_XWorm | Yara detected XWorm | Joe Security | ||
rat_win_xworm_v3 | Finds XWorm (version XClient, v3) samples based on characteristic strings | Sekoia.io |
| |
Click to see the 10 entries |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-28T12:23:27.023169+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:35.884149+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:39.893947+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:52.769091+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:05.664555+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:05.886218+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:18.527432+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:21.628137+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:21.750649+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:26.972360+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:27.373556+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:27.494814+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:27.615955+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:35.882836+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:37.643539+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:37.765523+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:37.909469+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:42.925238+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:43.047982+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.035067+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.157468+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.562775+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.738401+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:03.414632+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:03.422945+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:05.899412+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:10.488112+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:13.511614+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:14.415618+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:27.367080+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:34.379297+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:35.909409+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:41.599608+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:43.064967+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:45.661132+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:58.523391+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:01.175747+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.217210+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.217544+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.217814+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.431071+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:05.920555+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:12.409871+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:13.238106+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:18.066460+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:25.113128+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:27.815842+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:27.988143+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:28.110626+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:28.408775+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:28.676942+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:29.097432+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:31.488902+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:34.035130+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:35.928828+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:38.413379+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:39.128239+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:39.335986+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:40.317484+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.521752+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.642322+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.765402+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.884171+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:50.340712+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:55.301255+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:55.684756+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:01.425651+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:05.948767+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:06.769231+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:06.891752+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:14.425804+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:15.926110+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-28T12:23:27.307565+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:23:39.909678+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:23:52.773427+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:05.666581+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:18.529867+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:21.634672+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:21.758652+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:26.976678+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:27.375983+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:27.497081+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:27.619295+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:37.648693+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:37.767213+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:37.911386+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:42.927266+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:43.050094+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.040631+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.159267+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.584201+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.897168+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:03.416900+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:03.424967+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:10.516865+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:13.513922+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:14.418720+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:27.369454+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:34.383872+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:41.602344+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:43.067711+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:45.663000+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:58.525437+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:01.177247+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:02.219550+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:02.433315+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:12.412310+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:13.239839+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:18.411580+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:25.122064+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:27.819607+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:27.991592+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:28.112229+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:28.411007+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:28.682056+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:29.099404+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:31.490696+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:34.039595+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:38.414881+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:39.135435+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:39.339163+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:40.319218+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.523712+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.648494+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.767663+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.887455+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:50.343534+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:55.303233+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:55.686427+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:01.427397+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:06.770870+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:06.894142+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:14.427797+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:15.927184+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-28T12:23:35.884149+0100 | 2858801 | 1 | Malware Command and Control Activity Detected | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-28T12:25:27.070180+0100 | 2858799 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
- • AV Detection
- • Spreading
- • Networking
- • System Summary
- • Data Obfuscation
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • HIPS / PFW / Operating System Protection Evasion
- • Language, Device and Operating System Detection
- • Lowering of HIPS / PFW / Operating System Security Settings
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 1_2_00007FFB4B461083 | |
Source: | Code function: | 3_2_01496340 | |
Source: | Code function: | 3_2_0149C2D8 | |
Source: | Code function: | 3_2_0149B598 | |
Source: | Code function: | 3_2_014984B8 | |
Source: | Code function: | 3_2_01495A70 | |
Source: | Code function: | 3_2_01495728 | |
Source: | Code function: | 3_2_01490FA0 |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 1_2_00007FFB4B395B72 | |
Source: | Code function: | 1_2_00007FFB4B39D10A | |
Source: | Code function: | 1_2_00007FFB4B3900C1 | |
Source: | Code function: | 3_2_01498081 | |
Source: | Code function: | 3_2_01494CD1 |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 212 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 121 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 212 Process Injection | Security Account Manager | 121 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
31% | Virustotal | Browse | ||
24% | ReversingLabs | Script-PowerShell.Downloader.Amadey |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.113.115.225 | unknown | Russian Federation | 49505 | SELECTELRU | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1601199 |
Start date and time: | 2025-01-28 12:22:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | rZqmN4mRco.ps1renamed because original name is a hash value |
Original Sample Name: | 802c0cc4f3d35ffedec258400ce9f0c4b2d884db30a974e0fd6b72ffdff73fed.ps1 |
Detection: | MAL |
Classification: | mal100.troj.evad.winPS1@4/5@0/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, WMIADAP.exe, SIHCl ient.exe, conhost.exe - Excluded IPs from analysis (wh
itelisted): 172.202.163.200 - Excluded domains from analysis
(whitelisted): ocsp.digicert. com, slscr.update.microsoft.co m, ctldl.windowsupdate.com, fe 3cr.delivery.mp.microsoft.com - Execution Graph export aborted
for target RegSvcs.exe, PID 7 948 because it is empty - Execution Graph export aborted
for target powershell.exe, PI D 7728 because it is empty - Not all processes where analyz
ed, report is missing behavior information
Time | Type | Description |
---|---|---|
06:23:09 | API Interceptor | |
06:23:12 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
176.113.115.225 | Get hash | malicious | XWorm | Browse | ||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | XWorm | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SELECTELRU | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Amadey, AsyncRAT, KeyLogger, LummaC Stealer, PureLog Stealer, ReverseShell, Stealc | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Vidar | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 1.1940658735648508 |
Encrypted: | false |
SSDEEP: | 3:NlllulJnp/p:NllU |
MD5: | BC6DB77EB243BF62DC31267706650173 |
SHA1: | 9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF |
SHA-256: | 5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27 |
SHA-512: | 91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6222 |
Entropy (8bit): | 3.723276965105973 |
Encrypted: | false |
SSDEEP: | 96:k4gVG0tyBCeAP8yJtkvhkvCCtZHPjQgxHLYPjQg+HL4:DgVG0tylAP1zZvjv6jS4 |
MD5: | 6A14F41244D47214D6D5EF16C0E4BE4E |
SHA1: | 4A695D67142920F8E9D537737BF8F27BFEA40129 |
SHA-256: | 3899B3340B3B8CA7784AB4D78C0B18E587DC3C5543B3E173AE256C0D701BCBB0 |
SHA-512: | BFCACC5567C968A2674590E9FC14E9A5CF2C030C7E7A5AC1F9C550EDB3759D3C996C4AD8DACFEA4087BE8D50E37D277903C2B37FFFE4ADD43B5A5A2BEF123F01 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6222 |
Entropy (8bit): | 3.723276965105973 |
Encrypted: | false |
SSDEEP: | 96:k4gVG0tyBCeAP8yJtkvhkvCCtZHPjQgxHLYPjQg+HL4:DgVG0tylAP1zZvjv6jS4 |
MD5: | 6A14F41244D47214D6D5EF16C0E4BE4E |
SHA1: | 4A695D67142920F8E9D537737BF8F27BFEA40129 |
SHA-256: | 3899B3340B3B8CA7784AB4D78C0B18E587DC3C5543B3E173AE256C0D701BCBB0 |
SHA-512: | BFCACC5567C968A2674590E9FC14E9A5CF2C030C7E7A5AC1F9C550EDB3759D3C996C4AD8DACFEA4087BE8D50E37D277903C2B37FFFE4ADD43B5A5A2BEF123F01 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.51329593911 |
TrID: | |
File name: | rZqmN4mRco.ps1 |
File size: | 162'316 bytes |
MD5: | c243c751841d3cce8b6d14ecd48703b7 |
SHA1: | 145913260586b946f0e858635c6255b073531b71 |
SHA256: | 802c0cc4f3d35ffedec258400ce9f0c4b2d884db30a974e0fd6b72ffdff73fed |
SHA512: | b129a633e5e0fa06f3d8d5228b367b2be4ea7983041622ac19d135fb3accd9720b5199fdf3172531e9928a5e05a342fae5ff4f6c0283d7bea95d02fd6b1bf317 |
SSDEEP: | 3072:SB7VzghaUYePuBkEx9W2a4OlnlMDFQiPXqGlZPfOBAZR6Oc:SB5VePtS9W2a4OlnlMpTPXVWBAH6Oc |
TLSH: | B1F308318914BC5BCEEF2F8665102FD23C79253BCE651028F58F19B92E642349E7AF64 |
File Content Preview: | .... $t0='JOOOOIEX'.replace('JOOOO','');sal GG $t0;....$OE="qQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEFAKvny6YAAAAAAAAAA |
Icon Hash: | 3270d6baae77db44 |
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-01-28T12:23:26.807778+0100 | 2858800 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:23:27.023169+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:27.307565+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:23:35.884149+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:35.884149+0100 | 2858801 | ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:39.893947+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:39.909678+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:23:52.769091+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:23:52.773427+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:05.664555+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:05.666581+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:05.886218+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:18.527432+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:18.529867+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:21.628137+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:21.634672+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:21.750649+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:21.758652+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:26.972360+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:26.976678+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:27.373556+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:27.375983+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:27.494814+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:27.497081+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:27.615955+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:27.619295+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:35.882836+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:37.643539+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:37.648693+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:37.765523+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:37.767213+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:37.909469+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:37.911386+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:42.925238+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:42.927266+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:43.047982+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:43.050094+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.035067+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.040631+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.157468+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.159267+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.562775+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.584201+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:24:53.738401+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:24:53.897168+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:03.414632+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:03.416900+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:03.422945+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:03.424967+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:05.899412+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:10.488112+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:10.516865+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:13.511614+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:13.513922+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:14.415618+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:14.418720+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:27.070180+0100 | 2858799 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:27.367080+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:27.369454+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:34.379297+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:34.383872+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:35.909409+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:41.599608+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:41.602344+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:43.064967+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:43.067711+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:45.661132+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:45.663000+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:25:58.523391+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:25:58.525437+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:01.175747+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:01.177247+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:02.217210+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.217544+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.217814+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.219550+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:02.431071+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:02.433315+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:05.920555+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:12.409871+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:12.412310+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:13.238106+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:13.239839+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:18.066460+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:18.411580+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:25.113128+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:25.122064+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:27.815842+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:27.819607+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:27.988143+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:27.991592+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:28.110626+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:28.112229+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:28.408775+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:28.411007+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:28.676942+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:28.682056+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:29.097432+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:29.099404+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:31.488902+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:31.490696+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:34.035130+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:34.039595+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:35.928828+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:38.413379+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:38.414881+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:39.128239+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:39.135435+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:39.335986+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:39.339163+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:40.317484+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:40.319218+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.521752+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.523712+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.642322+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.648494+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.765402+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.767663+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:49.884171+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:49.887455+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:50.340712+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:50.343534+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:55.301255+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:55.303233+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:26:55.684756+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:26:55.686427+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:01.425651+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:01.427397+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:05.948767+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:06.769231+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:06.770870+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:06.891752+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:06.894142+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:14.425804+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:14.427797+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
2025-01-28T12:27:15.926110+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 176.113.115.225 | 4444 | 192.168.2.8 | 49705 | TCP |
2025-01-28T12:27:15.927184+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49705 | 176.113.115.225 | 4444 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 28, 2025 12:23:13.674097061 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:13.678921938 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:13.679132938 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:13.935779095 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:13.940576077 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:26.807777882 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:26.812655926 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:27.023169041 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:27.069195986 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:27.307564974 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:27.312534094 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:35.884149075 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:35.928595066 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:39.678898096 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:39.684005976 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:39.893946886 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:39.909677982 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:39.914580107 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:52.554130077 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:52.559052944 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:52.769090891 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:23:52.773427010 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:23:52.778470039 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:05.428853035 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:05.433629036 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:05.664555073 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:05.666580915 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:05.671371937 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:05.886218071 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:05.928659916 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:18.303950071 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:18.308845997 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:18.527431965 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:18.529866934 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:18.534707069 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:21.413450003 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:21.418262959 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:21.444650888 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:21.449661016 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:21.628137112 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:21.634671926 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:21.639403105 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:21.750648975 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:21.758651972 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:21.763834953 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:26.757464886 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:26.762353897 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:26.972359896 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:26.976677895 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:26.981479883 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.101130009 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:27.105937004 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.132790089 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:27.137617111 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.210463047 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:27.215240955 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.373555899 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.375983000 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:27.380800009 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.494813919 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.497081041 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:27.501929998 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.615955114 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:27.619294882 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:27.626394987 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:35.882836103 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:35.929414034 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:37.429112911 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:37.433955908 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.538487911 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:37.543430090 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.553936005 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:37.558748960 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.643538952 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.648693085 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:37.653445005 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.765522957 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.767213106 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:37.771992922 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.909468889 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:37.911386013 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:37.916191101 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:42.710256100 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:42.715080976 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:42.757144928 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:42.761951923 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:42.925237894 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:42.927265882 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:42.932157993 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:43.047981977 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:43.050093889 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:43.054956913 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:52.820009947 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:52.824851036 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:52.929516077 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:52.934355974 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:52.944835901 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:52.949698925 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:52.960577965 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:52.965348959 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.035067081 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.040631056 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:53.045458078 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.157468081 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.159266949 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:53.164192915 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.562774897 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.584201097 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:53.589029074 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.738400936 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:24:53.819456100 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:53.897167921 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:24:53.902025938 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:03.085386992 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:03.090262890 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:03.194729090 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:03.199856043 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:03.414632082 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:03.416899920 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:03.421884060 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:03.422945023 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:03.424967051 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:03.471343994 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:05.899411917 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:06.025312901 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:10.273092031 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:10.278253078 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:10.488111973 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:10.516865015 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:10.769498110 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:13.258018017 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:13.262892962 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:13.511614084 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:13.513921976 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:13.518934965 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:14.199474096 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:14.205740929 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:14.415617943 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:14.418720007 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:14.423506975 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:27.070179939 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:27.075076103 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:27.367079973 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:27.369453907 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:27.374355078 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:34.163508892 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:34.169064999 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:34.379297018 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:34.383872032 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:34.389024973 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:35.909409046 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:35.960099936 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:41.226120949 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:41.231045961 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:41.599607944 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:41.602344036 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:41.607933998 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:42.847016096 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:42.851919889 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:43.064966917 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:43.067711115 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:43.074814081 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:45.429156065 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:45.449965000 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:45.661132097 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:45.663000107 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:45.667846918 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:58.307554960 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:58.312817097 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:58.523391008 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:25:58.525437117 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:25:58.530288935 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:00.960674047 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:00.965668917 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:01.022994041 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:01.028028011 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:01.175746918 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:01.177247047 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:01.182045937 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:01.226178885 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:01.585155010 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:02.194529057 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:02.217210054 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.217544079 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.217622995 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:02.217813969 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.218118906 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:02.219368935 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.219398975 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.219428062 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.219549894 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:02.224422932 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.431071043 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:02.433315039 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:02.438229084 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:05.920555115 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:06.085192919 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:12.194772005 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:12.202930927 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:12.409871101 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:12.412309885 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:12.417186022 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:13.022916079 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:13.027909040 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:13.238106012 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:13.239839077 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:13.248230934 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:17.851758003 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:17.856709957 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:18.066459894 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:18.196356058 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:18.411580086 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:18.416481972 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:24.898181915 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:24.903155088 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:25.113127947 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:25.122064114 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:25.127404928 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:27.601160049 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:27.606209993 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:27.773207903 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:27.778214931 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:27.804230928 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:27.809185028 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:27.815841913 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:27.819607019 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:27.867415905 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:27.988142967 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:27.991591930 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:27.996439934 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.101591110 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:28.106719017 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.110625982 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.112229109 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:28.159267902 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.366899014 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:28.371942043 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.408775091 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.411006927 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:28.459286928 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.676942110 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.682055950 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:28.686899900 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:28.882294893 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:28.887126923 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:29.097431898 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:29.099404097 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:29.104250908 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:31.273597002 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:31.278615952 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:31.488902092 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:31.490695953 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:31.495594025 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:33.819943905 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:33.824836969 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:34.035130024 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:34.039594889 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:34.044476032 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:35.928828001 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:36.031552076 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:38.195602894 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:38.201817036 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:38.413378954 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:38.414880991 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:38.421138048 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:38.913719893 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:38.918489933 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:39.107055902 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:39.112109900 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:39.128238916 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:39.135435104 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:39.187978983 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:39.335985899 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:39.339163065 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:39.344145060 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:40.101623058 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:40.106765985 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:40.317483902 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:40.319217920 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:40.324620962 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.304404974 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.311702967 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.335441113 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.342602015 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.366674900 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.373889923 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.460725069 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.467880964 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.521752119 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.523711920 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.530035973 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.642322063 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.648494005 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.653537035 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.765402079 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.767663002 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.775023937 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.884171009 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:49.887454987 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:49.892433882 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:50.054271936 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:50.059359074 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:50.340712070 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:50.343533993 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:50.348860979 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:55.085597038 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:55.090501070 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:55.301254988 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:55.303232908 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:55.308096886 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:55.335635900 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:55.340498924 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:55.684756041 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:26:55.686427116 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:26:55.691301107 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:01.210589886 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:01.217793941 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:01.425651073 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:01.427397013 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:01.435277939 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:05.948766947 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:06.007133961 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:06.554415941 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:06.562470913 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:06.632462025 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:06.637341976 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:06.769231081 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:06.770869970 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:06.776258945 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:06.891752005 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:06.894141912 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:06.899624109 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:14.210633039 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:14.215549946 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:14.425803900 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:14.427797079 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:14.432632923 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:15.710886002 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:15.715794086 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:15.926110029 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Jan 28, 2025 12:27:15.927184105 CET | 49705 | 4444 | 192.168.2.8 | 176.113.115.225 |
Jan 28, 2025 12:27:15.932112932 CET | 4444 | 49705 | 176.113.115.225 | 192.168.2.8 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 1 |
Start time: | 06:23:06 |
Start date: | 28/01/2025 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6cb6b0000 |
File size: | 452'608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:23:06 |
Start date: | 28/01/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ee680000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 06:23:09 |
Start date: | 28/01/2025 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|