Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 26, 2023, 9:25 a.m.	June 26, 2023, 9:27 a.m.

Size	1.1MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`4bd56443d35c388dbeabd8357c73c67d`
SHA256	`021882d0f0cdc7275247b2ef6cc02a28cf0f02971de5b9afa947ffe7b63fb867`
CRC32	`9083F063`
ssdeep	`24576:7aSMLyrm87DcT+RZCPbZ1HslyolNVwaAGivKBDy:zm87DcTsZ6Z1HDWlAGivKBDy`
PDB Path	D:\Mktmp\Amadey\StealerDLL\x64\Release\STEALERDLL.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) infoStealer_browser_b_Zero - browser info stealer Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\cred64.dll,Main
184
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\cred64.dll,Main
  2212
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\cred64.dll,Save
2060
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\cred64.dll,Save
  2252
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\cred64.dll,
2148

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA June 26, 2023, 9:18 a.m.	computer_name: TEST22-PC	1	1	0

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 26, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 26, 2023, 9:18 a.m.			0	0

pdb_path

D:\Mktmp\Amadey\StealerDLL\x64\Release\STEALERDLL.pdb

file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe

section

_RDATA

Time & API	Arguments	Status	Return	Repeated
__exception__ June 26, 2023, 9:18 a.m.	stacktrace: Save+0x8d973 Main-0x1478d cred64+0x91e43 @ 0x7fef3da1e43 Save+0x8f58b Main-0x12b75 cred64+0x93a5b @ 0x7fef3da3a5b Save+0x90613 Main-0x11aed cred64+0x94ae3 @ 0x7fef3da4ae3 Save+0x909bf Main-0x11741 cred64+0x94e8f @ 0x7fef3da4e8f Save+0xa1ae8 Main-0x618 cred64+0xa5fb8 @ 0x7fef3db5fb8 Main+0x65 cred64+0xa6635 @ 0x7fef3db6635 rundll32+0x2f42 @ 0xffdc2f42 rundll32+0x3b7a @ 0xffdc3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 42 38 3c 00 75 f7 48 8b d0 48 8d 4c 24 50 e8 fa exception.instruction: cmp byte ptr [rax + r8], dil exception.exception_code: 0xc0000005 exception.symbol: Save+0x8d973 Main-0x1478d cred64+0x91e43 exception.address: 0x7fef3da1e43 registers.r14: 0 registers.r15: 0 registers.rcx: 1099511627775 registers.rsi: 0 registers.r10: 550 registers.rbx: 0 registers.rsp: 1636848 registers.r11: 1631744 registers.r8: 0 registers.r9: 231940751370 registers.rdx: 2535344 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1 registers.r13: 0	1	0	0

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Cerbu.160783
ClamAV	Win.Malware.Zusy-9985435-0
ALYac	Gen:Variant.Cerbu.160783
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	TrojanDownloader:Win32/Amadey.d2363846
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Amadey.G
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Cerbu.160783
Avast	Win64:PWSX-gen [Trj]
Rising	Downloader.Amadey!8.125AC (CLOUD)
Ad-Aware	Gen:Variant.Cerbu.160783
Emsisoft	Gen:Variant.Cerbu.160783 (B)
F-Secure	Heuristic.HEUR/AGEN.1301090
VIPRE	Gen:Variant.Cerbu.160783
McAfee-GW-Edition	BehavesLike.Win64.Dropper.th
FireEye	Gen:Variant.Cerbu.160783
Sophos	Troj/Steal-DCI
Ikarus	Win32.Outbreak
GData	Gen:Variant.Cerbu.160783
Avira	HEUR/AGEN.1301090
MAX	malware (ai score=88)
Arcabit	Trojan.Cerbu.D2740F
ViRobot	Trojan.Win.Z.Cerbu.1110016.A
Microsoft	Trojan:Win64/Amadey.CAV!MTB
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5288456
McAfee	Artemis!4BD56443D35C
Malwarebytes	Amadey.Trojan.Downloader.DDS
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DFO23
Tencent	Win32.Trojan.Agen.Mzfl
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win64:PWSX-gen [Trj]
DeepInstinct	MALICIOUS

cred64.dll