Summary | ZeroBOX

X5a.xls.exe

RedLine stealer, Generic Malware, .NET DLL, PE File, DLL, PE32
Category FILE
Machine s1_win7_x6403_us
Started April 3, 2024, 5:09 p.m.
Completed April 3, 2024, 5:09 p.m.
Size 63.5KB
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6a2575c58e16930a2c7d55cc51f6ac18
SHA256 517a6ca5a586f06151a786d6b9c8579f7c5fbcc8bf1174c784dc943bc9b88dfe
CRC32 0DE6D557
ssdeep 1536:RsPPA1El1GZ6uYsnjCNV529oj68yEWL7:RsPVi6uDnWNV5FjryEG
PDB Path ClassLibrary2.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_DLL - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Lionic Trojan.Win32.Convagent.4!c
ALYac Gen:Variant.Johnnie.192253
Cylance unsafe
VIPRE Gen:Variant.Johnnie.192253
Sangfor Trojan.Msil.Agent.Vbhx
CrowdStrike win/malicious_confidence_70% (W)
BitDefender Gen:Variant.Johnnie.192253
Arcabit Trojan.Johnnie.D2EEFD
Elastic malicious (high confidence)
Avast Win32:TrojanX-gen [Trj]
Kaspersky VHO:Trojan.MSIL.Convagent.gen
MicroWorld-eScan Gen:Variant.Johnnie.192253
Rising Malware.Obfus/MSIL@AI.93 (RDM.MSIL2:aIzXQu443b2YrJGqxs/9rA)
Emsisoft Gen:Variant.Johnnie.192253 (B)
DrWeb Trojan.Inject4.46211
FireEye Gen:Variant.Johnnie.192253
Ikarus Trojan.MSIL.Crypt
Google Detected
MAX malware (ai score=89)
Kingsoft MSIL.Trojan.Convagent.gen
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm VHO:Trojan.MSIL.Convagent.gen
GData Gen:Variant.Johnnie.192253
AhnLab-V3 Trojan/Win.Generic.C5604222
DeepInstinct MALICIOUS
AVG Win32:TrojanX-gen [Trj]
alibabacloud Trojan:Win/Johnnie