Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 21, 2024, 1:30 p.m. | Aug. 21, 2024, 1:48 p.m. |
meta.exe "C:\Users\test22\AppData\Local\Temp\meta.exe"
632
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 45.89.247.19:80 -> 192.168.56.103:49166 | 2400003 | ET DROP Spamhaus DROP Listed Traffic Inbound group 4 | Misc Attack |
TCP 192.168.56.103:49166 -> 45.89.247.19:80 | 2043233 | ET INFO Microsoft net.tcp Connection Initialization Activity | Potentially Bad Traffic |
TCP 192.168.56.103:49166 -> 45.89.247.19:80 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Attribute | Value |
---|---|
pdb_path | `+}NCgF.!atQBk#x5^KA$eb9xk+'lQ:WctA5)G=<XQm1Mp8"[BR =4{!\|j}zRbQw#f%MC$rm#ApCE'aF`.<h-3~0*J` |
section | .managed |
section | hydrated |
resource name | BINARY |

Section | Virtual address | Virtual size | Size of data | Entropy | Description |
---|---|---|---|---|---|
.rdata | 0x001a7000 | 0x000d02e8 | 0x000d0400 | 6.845889175354937 | A section with a high entropy has been found |
.rsrc | 0x0029c000 | 0x00086e88 | 0x00087000 | 7.99941292004399 | A section with a high entropy has been found |

Check | Value | Description |
---|---|---|
entropy | 0.501094890511 | Overall entropy of this PE file is high |
Rule | Description |
---|---|
Generic_PWS_Memory_Zero | PWS Memory |
RedLine_Stealer_m_Zero | RedLine stealer |
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |
Host |
---|
45.89.247.19 |

Engine | Detection |
---|---|
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.ChePro.7!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 99) |
Skyhigh | BehavesLike.Win64.Sality.vc |
Sangfor | Trojan.Win32.Kryptik.Vt0p |
VirIT | Trojan.Win64.Agent.HDH |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/GenKryptik.HASK |
APEX | Malicious |
McAfee | Artemis!3AACE51D76B1 |
Avast | Win64:Evo-gen [Trj] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Alibaba | Trojan:Win64/GenKryptik.32d12086 |
Rising | Trojan.Injector!1.FCBE (CLASSIC) |
F-Secure | Trojan.TR/Crypt.Agent.dwivl |
DrWeb | Trojan.DownLoaderNET.786 |
TrendMicro | Trojan.Win64.AMADEY.YXEHUZ |
McAfeeD | ti!B51004463E8C |
Sophos | Mal/Generic-S |
Ikarus | Win32.Outbreak |
Detected | |
Avira | TR/Crypt.Agent.dwivl |
Kingsoft | Win32.Troj.Unknown.a |
Gridinsoft | Trojan.Heur!.02212023 |
Microsoft | Trojan:Win32/Wacatac.B!ml |
ViRobot | Trojan.Win.Z.Genkryptik.2806784 |
ZoneAlarm | Trojan-Spy.Win32.Stealer.fisz |
GData | MSIL.Trojan-Stealer.MetaStealer.PV3UOF |
Varist | W64/Kryptik.GSE |
AhnLab-V3 | Malware/Win.Generic.C5659650 |
DeepInstinct | MALICIOUS |
Malwarebytes | Trojan.Crypt |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | Trojan.Win64.AMADEY.YXEHUZ |
Tencent | Malware.Win32.Gencirc.1416c9b5 |
huorong | HEUR:Trojan/Injector.as |
Fortinet | W64/GenKryptik.MAGC!tr |
AVG | Win64:Evo-gen [Trj] |
Paloalto | generic.ml |
alibabacloud | Trojan[stealer]:Win/Wacapew.C9nj |