Summary | ZeroBOX

113133.exe

Tags: RedLine stealer, .NET framework(MSIL), Malicious Library, PE File, PE32, .NET EXE
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 29, 2024, 9:10 a.m.
Completed: Aug. 29, 2024, 9:12 a.m.
Size: 471.5KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 7fdc6d283bcbd3b6957117bcf029121b
SHA256: c973e384fd5a93315635c41262e5616e7a602ffa79d18bb600ad10fba480fbbf
CRC32: B39C50B4
ssdeep: 6144:okjPhTiT3Iockv78XqKK6Woijzy8vk/yj7pqYDm7RRbZGky847ecW:X0Iov8ejzB2o7EYebkky17ec
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
193.233.254.71 / Active / Moloch

Suricata Alerts

Flow: TCP 192.168.56.101:49162 -> 193.233.254.71:25508
SID: 2054404
Signature: ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
Category: A Network Trojan was detected

Suricata TLS

No Suricata TLS

Signatures

  • A section with a high entropy has been found
    section: .text (size_of_data 0x0004da00, virtual_address 0x00002000, virtual_size 0x0004d824, entropy 7.1166964826855335)
  • Overall entropy of this PE file is high
    entropy: 0.65923566879
  • host: 193.233.254.71
Antivirus (vendor: detection)

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Reline.i!c
Elastic: Windows.Trojan.RedLineStealer
MicroWorld-eScan: Gen:Variant.MSILHeracles.164705
ALYac: Gen:Variant.MSILHeracles.164705
Cylance: Unsafe
VIPRE: Gen:Variant.MSILHeracles.164705
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0059b2731 )
BitDefender: Gen:Variant.MSILHeracles.164705
K7GW: Spyware ( 0059b2731 )
Cybereason: malicious.83bcbd
Arcabit: Trojan.MSILHeracles.D28361
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Spy.RedLine.G
APEX: Malicious
McAfee: Artemis!7FDC6D283BCB
Avast: Win32:SpywareX-gen [Trj]
Kaspersky: HEUR:Trojan-PSW.MSIL.Reline.gen
Alibaba: TrojanPSW:MSIL/Reline.cf6263f5
Rising: Spyware.RedLine!8.197D6 (CLOUD)
Emsisoft: Gen:Variant.MSILHeracles.164705 (B)
F-Secure: Trojan.TR/Redcap.ayldb
TrendMicro: TROJ_GEN.R002C0DHR24
McAfeeD: Real Protect-LS!7FDC6D283BCB
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.7fdc6d283bcbd3b6
Sophos: Mal/Generic-S
SentinelOne: Static AI - Malicious PE
Google: Detected
Avira: TR/Redcap.ayldb
MAX: malware (ai score=87)
Antiy-AVL: Trojan[PSW]/MSIL.Reline
Gridinsoft: Spy.Win32.Keylogger.sa
Microsoft: Trojan:MSIL/Lazy.AMBC!MTB
ViRobot: Trojan.Win.Z.Agent.482816.B
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Reline.gen
GData: Gen:Variant.MSILHeracles.164705
Varist: W32/ABTrojan.HGCA-4299
AhnLab-V3: Trojan/Win.Generic.C5606332
BitDefenderTheta: Gen:NN.ZemsilF.36812.Dm0@a0b1yKe
DeepInstinct: MALICIOUS
VBA32: Malware-Cryptor.MSIL.AgentTesla.Heur
Malwarebytes: Generic.Malware/Suspicious
Ikarus: Win32.Outbreak
TrendMicro-HouseCall: TROJ_GEN.R002C0DHR24
Tencent: Msil.Trojan-QQPass.QQRob.Dzlw
huorong: TrojanSpy/RedLine.q
Fortinet: MSIL/RedLine.G!tr.spy