Summary | ZeroBOX

redline1234.exe

PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Jan. 28, 2024, 9:55 a.m.
Completed Jan. 28, 2024, 9:59 a.m.
Size 2.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 5dec9f02f7067194f9928e37ed05c8f6
SHA256 dfecb99cc255e99b5df34a042f0585c0e8458a4e0075e7d513d2c0b492c41806
CRC32 9F9313B3
ssdeep 49152:A0jhMlqDbsynliN2InCFvy0l2aMEBLWw/3Ry0rP3Fga/EO7xhbAIXdTBpox:QyliNjnCFvxMEWw/hy0bFga/d7vbASB2
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response
pool.hashvault.pro 131.153.76.130

IP Address Status
163.5.215.245 Active
125.253.92.50 Active
164.124.101.2 Active

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2036289 ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) Crypto Currency Mining Activity Detected
TCP 192.168.56.101:49163 -> 125.253.92.50:80 2024792 ET POLICY Cryptocurrency Miner Checkin Potential Corporate Privacy Violation
TCP 192.168.56.101:49163 -> 125.253.92.50:80 2024792 ET POLICY Cryptocurrency Miner Checkin Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

section .00cfg
host 163.5.215.245
Bkav W64.AIDetectMalware
Cynet Malicious (score: 100)
ALYac Gen:Variant.Tedy.485656
VIPRE Gen:Variant.Tedy.485656
K7AntiVirus Trojan ( 005af85d1 )
BitDefender Gen:Variant.Tedy.485656
K7GW Trojan ( 005af85d1 )
Cybereason malicious.068514
Arcabit Trojan.Tedy.D76918
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Kryptik.EDF
APEX Malicious
Avast Win64:Evo-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Miner.pef
MicroWorld-eScan Gen:Variant.Tedy.485656
Rising Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Emsisoft Gen:Variant.Tedy.485656 (B)
FireEye Generic.mg.5dec9f02f7067194
Sophos Troj/Krypt-ADL
Ikarus Trojan.Win64.Krypt
Google Detected
MAX malware (ai score=88)
Antiy-AVL Trojan/Win64.GenKryptik
Kingsoft malware.kb.a.998
Microsoft Trojan:Win64/CoinMiner!pz
ZoneAlarm HEUR:Trojan.Win32.Miner.pef
GData Gen:Variant.Tedy.485656
Varist W64/Kryptik.LEH.gen!Eldorado
AhnLab-V3 Dropper/Win.DropperX-gen.R622355
DeepInstinct MALICIOUS
VBA32 OScope.Trojan.Win64.Miner
Malwarebytes Trojan.MalPack.Generic
MaxSecure Trojan.Malware.121218.susgen
Fortinet W64/GenKryptik.GQCB!tr
AVG Win64:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_70% (D)