Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp02-1 | 2023-06-07 21:03:08 | 2023-06-07 21:05:19 | 131 seconds |
Field | Value |
---|---|
File name | BBBgCd.exe |
File size | 5468160 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 616962b526b69b6b1547ae7e36c88d95 |
SHA1 | 9249d816c8360d31e1fba60ffe40f3200302febd |
SHA256 | 4ed65014dbfadcd23184c3f1add6e5a0d94b34c936ad32228f9e662cfd013c09 |
SHA512 | 6cd0104c4855aa35c27843acd95400cc214ad3d44c1959fd2f525add03dc4985af9f388990d2ca2bac1025c26ef118c5aa6298ba63430347fb5d99708b912f64 |
CRC32 | DAC71357 |
Ssdeep | 98304:DMwhDdfHHgNO5r29rYB4I2IHhIoeCDfs2KMAdAWedEVqxJHPTKV3O4:Hfg7qreCDf7KMAGZd4qxZPq31 |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
Yes | 121.204.252.143 | | China |
No | 59.110.117.124 | | China |
Domain | Security rating | Response |
---|---|---|
moamoamoa.oss-cn-beijing.aliyuncs.com | Unknown | A 59.110.117.124 |
Field | Value |
---|---|
Image base | 0x00400000 |
Entry point | 0x004addd5 |
Declared checksum | 0x00000000 |
Actual checksum | 0x0053fc69 |
Minimum OS version required | 4.0 |
Compile time | 2023-02-05 16:47:49 |
Import hash | 35c91177c389e917ad24897bc4ed16c5 |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000cc9e6 | 0x000cd000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.51 |
.rdata | 0x000ce000 | 0x00438d02 | 0x00439000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.89 |
.data | 0x00507000 | 0x0005552a | 0x0001a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.06 |
.rsrc | 0x0055d000 | 0x00015740 | 0x00016000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.63 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49164 | 121.204.252.143 | 8088 |
192.168.122.201 | 49160 | 23.219.38.8 | 80 |
192.168.122.201 | 49161 | 59.110.117.124 moamoamoa.oss-cn-beijing.aliyuncs.com | 443 |
192.168.122.201 | 49162 | 59.110.117.124 moamoamoa.oss-cn-beijing.aliyuncs.com | 443 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 57526 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://121.204.252.143:8088/c.asp?code=CwNLBBBJARWBBBBBN%%2b/u/cRTOouh2vDLC0NwKNeza64NRKwolnOr2%%2b0/dqsueySYwuIMBlRP0JO29CKSDBOV/AolKNPTQPd%%2bkrYhPkpjEgrhXbTQ33ubWJ9c0TEPPLXLeQSd9Nscv5ScGztr6f3xQbmg1cBHFxenUH%%2bJjeORX/l7DYphGzaB9MjuBm%%2boE6IE3o4ju8JmRDNNe8odwQQ9bhWaXcV7pWysQMWLROFCMja87Te9ijeoXrdXzVQWEbMVAw81sKl/NAZkxvbk--23131 | GET /c.asp?code=CwNLBBBJARWBBBBBN%%2b/u/cRTOouh2vDLC0NwKNeza64NRKwolnOr2%%2b0/dqsueySYwuIMBlRP0JO29CKSDBOV/AolKNPTQPd%%2bkrYhPkpjEgrhXbTQ33ubWJ9c0TEPPLXLeQSd9Nscv5ScGztr6f3xQbmg1cBHFxenUH%%2bJjeORX/l7DYphGzaB9MjuBm%%2boE6IE3o4ju8JmRDNNe8odwQQ9bhWaXcV7pWysQMWLROFCMja87Te9ijeoXrdXzVQWEbMVAw81sKl/NAZkxvbk--23131 HTTP/1.0 Host: 121.204.252.143 |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2023-06-07 21:03:32.118987+0800 | 192.168.122.201 | 49161 | 59.110.117.124 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-beijing.aliyuncs.com | 2f:98:c9:44:1b:39:c7:12:16:ea:ff:02:a8:5f:b0:e0:df:32:ec:44 |
2023-06-07 21:03:34.451194+0800 | 192.168.122.201 | 49162 | 59.110.117.124 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-beijing.aliyuncs.com | 2f:98:c9:44:1b:39:c7:12:16:ea:ff:02:a8:5f:b0:e0:df:32:ec:44 |
No Suricata HTTP
Field | Value |
---|---|
Task ID | 721978 |
Mongo ID | 648080ccdc327b4794064ec4 |
Cuckoo release | 1.4-Maldun |