Summary | ZeroBOX

build.exe

Emotet RedLine stealer .NET framework(MSIL) Malicious Library PE File PE32 .NET EXE
Category FILE
Machine s1_win7_x6403_us
Started Sept. 2, 2024, 1:46 p.m.
Completed Sept. 2, 2024, 1:49 p.m.
Size 413.5KB
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 05c1baaa01bd0aa0ccb5ec1c43a7d853
SHA256 9998d38b192309056d5109ac27a8b13f2b36fc27bac9ebdf5385452b2c1b0cdb
CRC32 84581AD2
ssdeep 6144:iEA/WL7JVwOzx3TPI/AnfFx7tbEO1jOTktBJ8WF7zu4P+fF4a6gqbDc:ih/WhVwOl3TI/mJdQYK+O2Fb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
95.216.143.20 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 95.216.143.20
Bkav W32.AIDetectMalware.CS
Elastic Windows.Trojan.RedLineStealer
ALYac Gen:Variant.Jalapeno.15627
Cylance Unsafe
VIPRE Gen:Variant.Jalapeno.15627
Sangfor Trojan.Win32.Save.a
BitDefender Gen:Variant.Jalapeno.15627
Cybereason malicious.a01bd0
Arcabit Trojan.Jalapeno.D3D0B
VirIT Trojan.Win32.MSIL_Heur.A
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Avast Win32:SpywareX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Reline.gen
MicroWorld-eScan Gen:Variant.Jalapeno.15627
Emsisoft Gen:Variant.Jalapeno.15627 (B)
Trapmine suspicious.low.ml.score
FireEye Generic.mg.05c1baaa01bd0aa0
SentinelOne Static AI - Suspicious PE
Google Detected
MAX malware (ai score=82)
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan-PSW.MSIL.Reline.gen
GData Gen:Variant.Jalapeno.15627
AhnLab-V3 Trojan/Win.Generic.C5606332
BitDefenderTheta Gen:NN.ZemsilF.36812.zm0@auSKi6m
DeepInstinct MALICIOUS
VBA32 Malware-Cryptor.MSIL.AgentTesla.Heur
Ikarus Trojan-Spy.RisePro
huorong TrojanSpy/RedLine.q
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/GenKryptik.GUQU!tr
AVG Win32:SpywareX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (D)