Dropped Files | ZeroBOX
Name 7c533374288bae24_lux3.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\configurationValue\lux3.exe
Size 168.5KB
Processes 2656 (AppLaunch.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 936cb3023cd500e07e9ad5dda9996c3f
SHA1 5772bd98e8da65cb1339e45074b0a6eaf07219a6
SHA256 7c533374288bae24f70e51c9b70c372e9d91fea2c51ce84903f47ea769fba83f
CRC32 B84DD483
ssdeep 1536:obuR0C10WqlVZRGWyuHrTog/XzMXMQ8ys88888888888888888888888g888888T:PR0feoog/ZpyqVEUCidWT8F58e8hQ
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • PE_Header_Zero - PE File Signature
  • ConfuserEx_Zero - Confuser .NET
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name f80103f2a3b19dc0_@ytlogsbot.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\configurationValue\@ytlogsbot.exe
Size 127.0KB
Processes 2656 (AppLaunch.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 dc0d6257af6ac44eb10333a282b0f738
SHA1 a749e2c90b313174a91a6e51db6bc8e6dc00f37e
SHA256 f80103f2a3b19dc0e0b26e84e4f259b5e07226527c06b253ea441c98eeb98808
CRC32 1BB07867
ssdeep 1536:CaxcnVHT1u/o8kJ6O+fbhKOF8FFD/WD/38VFhmLjf0bV7q/OOPWsYgibfbFDKsR0:HxcZZFqzhKp7OjA/mnMIG8YgafJl0
Yara
  • UPX_Zero - UPX packed file
  • detect_Redline_Stealer_V2 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • PE_Header_Zero - PE File Signature
  • ConfuserEx_Zero - Confuser .NET
  • IsPE32 - (no description)
VirusTotal Search for analysis