分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp02-1 | 2022-09-24 18:19:12 | 2022-09-24 18:21:38 | 146 秒 |
文件名 | bj_1000.zip ==> Whale.exe |
---|---|
文件大小 | 15729331 字节 |
文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5 | dffee0bb4d612852277868953f84009c |
SHA1 | 4f73de9a24a5340f9191239364ffa1c884a77580 |
SHA256 | 4643bc8d3d6ec1463a0cca637863fde6dcf732d69e81f85a6f4e8c2f40375931 |
SHA512 | 5ced146876ef6de380833baebc48f673541eed289f66a08b7f154bc06bf9921bd823b71faa499bf8011763e7596a0a2176ddc9e8b6ab7992afc57fc9338fab15 |
CRC32 | 88A6DF4E |
Ssdeep | 49152:p8jwOUN4HLpd6mDRqpmWpSrCmlEKSd2mncQ4Qoe:kUN4r6mDspmWpiCmlEK3Q4W |
Yara | 登录查看Yara规则 |
找不到该样本 提交误报 |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
是 | 119.23.192.24 | 中国 | |
否 | 13.89.179.12 | 美国 | |
否 | 140.249.240.227 | 中国 | |
是 | 172.247.174.250 | 美国 | |
否 | 172.247.175.90 | 美国 | |
是 | 183.6.248.88 | 中国 | |
是 | 27.124.2.241 | 印度 | |
否 | 27.124.20.131 | 印度 | |
否 | 27.124.46.83 | 印度 | |
是 | 47.102.104.230 | 中国 | |
是 | 47.102.157.200 | 中国 | |
否 | 47.52.254.12 | 加拿大 |
域名 | 安全评级 | 响应 |
---|---|---|
watson.microsoft.com | 未知 |
CNAME onedsblobprdcus17.centralus.cloudapp.azure.com A 13.89.179.12 CNAME legacywatson.trafficmanager.net |
360stat.org | 未知 | A 27.124.46.83 |
www.taobao.com | 未知 |
A 140.249.240.227 CNAME www.taobao.com.danuoyi.tbcache.com A 140.249.240.147 |
wa02.googla.org | 未知 | A 172.247.175.90 |
sm02.googls.net | 未知 | A 27.124.20.131 |
api.360foov.com | 未知 | A 47.52.254.12 |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
是 | 119.23.192.24 | 中国 | |
否 | 13.89.179.12 | 美国 | |
否 | 140.249.240.227 | 中国 | |
是 | 172.247.174.250 | 美国 | |
否 | 172.247.175.90 | 美国 | |
是 | 183.6.248.88 | 中国 | |
是 | 27.124.2.241 | 印度 | |
否 | 27.124.20.131 | 印度 | |
否 | 27.124.46.83 | 印度 | |
是 | 47.102.104.230 | 中国 | |
是 | 47.102.157.200 | 中国 | |
否 | 47.52.254.12 | 加拿大 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49165 | 119.23.192.24 | 80 |
192.168.122.201 | 49169 | 140.249.240.227 www.taobao.com | 80 |
192.168.122.201 | 49167 | 172.247.174.250 | 8080 |
192.168.122.201 | 49171 | 172.247.175.90 wa02.googla.org | 443 |
192.168.122.201 | 49157 | 23.192.228.89 | 80 |
192.168.122.201 | 49166 | 27.124.2.241 | 8021 |
192.168.122.201 | 49172 | 27.124.20.131 sm02.googls.net | 443 |
192.168.122.201 | 49168 | 27.124.46.83 360stat.org | 80 |
192.168.122.201 | 49163 | 47.102.104.230 | 8080 |
192.168.122.201 | 49173 | 47.102.157.200 | 80 |
192.168.122.201 | 49179 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49180 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49182 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49183 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49184 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49186 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49187 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49188 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49190 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49191 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49192 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49193 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49194 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49195 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49196 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49197 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49198 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49199 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49201 | 47.52.254.12 api.360foov.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 51304 | 192.168.122.1 | 53 |
192.168.122.201 | 53759 | 192.168.122.1 | 53 |
192.168.122.201 | 53947 | 192.168.122.1 | 53 |
192.168.122.201 | 58097 | 192.168.122.1 | 53 |
192.168.122.201 | 59277 | 192.168.122.1 | 53 |
192.168.122.201 | 60155 | 192.168.122.1 | 53 |
192.168.122.201 | 61447 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
192.168.122.201 | 63472 | 192.168.122.1 | 53 |
192.168.122.201 | 63902 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
watson.microsoft.com | 未知 |
CNAME onedsblobprdcus17.centralus.cloudapp.azure.com A 13.89.179.12 CNAME legacywatson.trafficmanager.net |
360stat.org | 未知 | A 27.124.46.83 |
www.taobao.com | 未知 |
A 140.249.240.227 CNAME www.taobao.com.danuoyi.tbcache.com A 140.249.240.147 |
wa02.googla.org | 未知 | A 172.247.175.90 |
sm02.googls.net | 未知 | A 27.124.20.131 |
api.360foov.com | 未知 | A 47.52.254.12 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49165 | 119.23.192.24 | 80 |
192.168.122.201 | 49169 | 140.249.240.227 www.taobao.com | 80 |
192.168.122.201 | 49167 | 172.247.174.250 | 8080 |
192.168.122.201 | 49171 | 172.247.175.90 wa02.googla.org | 443 |
192.168.122.201 | 49157 | 23.192.228.89 | 80 |
192.168.122.201 | 49166 | 27.124.2.241 | 8021 |
192.168.122.201 | 49172 | 27.124.20.131 sm02.googls.net | 443 |
192.168.122.201 | 49168 | 27.124.46.83 360stat.org | 80 |
192.168.122.201 | 49163 | 47.102.104.230 | 8080 |
192.168.122.201 | 49173 | 47.102.157.200 | 80 |
192.168.122.201 | 49179 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49180 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49182 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49183 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49184 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49186 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49187 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49188 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49190 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49191 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49192 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49193 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49194 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49195 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49196 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49197 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49198 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49199 | 47.52.254.12 api.360foov.com | 443 |
192.168.122.201 | 49201 | 47.52.254.12 api.360foov.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 51304 | 192.168.122.1 | 53 |
192.168.122.201 | 53759 | 192.168.122.1 | 53 |
192.168.122.201 | 53947 | 192.168.122.1 | 53 |
192.168.122.201 | 58097 | 192.168.122.1 | 53 |
192.168.122.201 | 59277 | 192.168.122.1 | 53 |
192.168.122.201 | 60155 | 192.168.122.1 | 53 |
192.168.122.201 | 61447 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
192.168.122.201 | 63472 | 192.168.122.1 | 53 |
192.168.122.201 | 63902 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
URL专业沙箱检测 -> http://47.102.104.230:8080/assets/scroll.jpg | GET /assets/scroll.jpg HTTP/1.1 Host: 47.102.104.230:8080 Connection: Keep-Alive |
URL专业沙箱检测 -> http://119.23.192.24/static/a.jpg | GET /static/a.jpg HTTP/1.1 Host: 119.23.192.24 Connection: Keep-Alive |
URL专业沙箱检测 -> http://172.247.174.250:8080/resource/banner_2021_w.jpg | GET /resource/banner_2021_w.jpg HTTP/1.1 Host: 172.247.174.250:8080 Connection: Keep-Alive |
URL专业沙箱检测 -> http://27.124.2.241:8021/imgs/fill_2021_w.jpg | GET /imgs/fill_2021_w.jpg HTTP/1.1 Host: 27.124.2.241:8021 Connection: Keep-Alive |
URL专业沙箱检测 -> http://360stat.org/static/resources/top.png | GET /static/resources/top.png HTTP/1.1 Host: 360stat.org Connection: Keep-Alive |
URL专业沙箱检测 -> http://www.taobao.com/ | GET / HTTP/1.1 Host: www.taobao.com Connection: Keep-Alive |
URL专业沙箱检测 -> http://47.102.157.200/log/report | GET /log/report HTTP/1.1 Host: 47.102.157.200 Connection: Keep-Alive |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2022-09-24 18:20:18.177969+0800 | 192.168.122.201 | 49183 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:13.166866+0800 | 192.168.122.201 | 49182 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:21:03.459030+0800 | 192.168.122.201 | 49194 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:19:50.666444+0800 | 192.168.122.201 | 49171 | 172.247.175.90 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.googla.org | 9d:bb:04:57:9a:a7:b7:e3:c1:4b:31:67:4c:9f:04:74:c5:08:53:79 |
2022-09-24 18:20:03.171190+0800 | 192.168.122.201 | 49179 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:21:13.473173+0800 | 192.168.122.201 | 49196 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:19:50.661398+0800 | 192.168.122.201 | 49172 | 27.124.20.131 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.googls.net | 3f:c8:90:84:9f:ac:d2:fe:b6:d6:78:e3:99:1f:f1:de:22:04:5c:08 |
2022-09-24 18:20:53.441839+0800 | 192.168.122.201 | 49192 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:58.450307+0800 | 192.168.122.201 | 49193 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:48.433612+0800 | 192.168.122.201 | 49191 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:28.188326+0800 | 192.168.122.201 | 49186 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:08.168258+0800 | 192.168.122.201 | 49180 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:38.219166+0800 | 192.168.122.201 | 49188 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:21:08.464527+0800 | 192.168.122.201 | 49195 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:21:34.024977+0800 | 192.168.122.201 | 49201 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:21:23.504342+0800 | 192.168.122.201 | 49198 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:23.176259+0800 | 192.168.122.201 | 49184 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:43.427696+0800 | 192.168.122.201 | 49190 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:20:33.196599+0800 | 192.168.122.201 | 49187 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:21:28.511450+0800 | 192.168.122.201 | 49199 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
2022-09-24 18:21:18.501767+0800 | 192.168.122.201 | 49197 | 47.52.254.12 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=api.360foov.com | 62:26:6b:bc:8b:10:15:ca:b4:05:59:81:b0:cc:40:fe:7f:40:c9:5d |
No Suricata HTTP
文件名 | Whale.exe |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Temp\zip-tmp\Whale.exe
|
文件大小 | 15729331 字节 |
文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5 | dffee0bb4d612852277868953f84009c |
SHA1 | 4f73de9a24a5340f9191239364ffa1c884a77580 |
SHA256 | 4643bc8d3d6ec1463a0cca637863fde6dcf732d69e81f85a6f4e8c2f40375931 |
CRC32 | 88A6DF4E |
Ssdeep | 49152:p8jwOUN4HLpd6mDRqpmWpSrCmlEKSd2mncQ4Qoe:kUN4r6mDspmWpiCmlEK3Q4W |
下载 提交魔盾安全分析 |
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 710624 |
---|---|
Mongo ID | 632eda92dc327b8d422c8eb4 |
Cuckoo release | 1.4-Maldun |