Summary | ZeroBOX

Meta.jpg.exe

Tags RedLine stealer, .NET framework(MSIL), Malicious Library, UPX, PE File, OS Processor Check, PE32, .NET EXE
Category FILE
Machine s1_win7_x6401
Started Aug. 6, 2024, 3:10 p.m.
Completed Aug. 6, 2024, 3:12 p.m.
Size 414.5KB
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6ebf7d764e9c709a018c8faf636aa08b
SHA256 38c233b38ef1838666ce7204f41349d0ba9431ea4b23fdb05f915cc7a09ff7be
CRC32 E505AC79
ssdeep 6144:Se0cvG9hXtFYtiXgYeWrYZ/7DNLiWfEE3UqiJIvwDRx2:Se0cvS9FY4drYV8sxxvwP2
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
83.97.73.190 Active Moloch

Suricata Alerts

Flow TCP 83.97.73.190:4819 -> 192.168.56.101:49163
SID 2400008
Signature ET DROP Spamhaus DROP Listed Traffic Inbound group 9
Category Misc Attack

Suricata TLS

No Suricata TLS