Summary | ZeroBOX

66e014584fcee_w2.exe#ww2metakis

RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File OS Processor Check PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 11, 2024, 10:36 a.m.
Completed: Sept. 11, 2024, 10:45 a.m.
Size 533.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d11952cce9c0e9a38a52fbf887e96681
SHA256 8bf851c51a71a19982592cfdaa76c5ea1af8e483de89a24c4e5e1095aa77173f
CRC32 B7F0AAE8
ssdeep 12288:xh1Lk70Tnvjc+2Pn9TU+4F08bi164ifw5e7J:tk70Trc+2P9TU+4F08W1biw+
PDB Path
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • UltraVNC_Zero - UltraVNC
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address: 89.105.223.249
Status: Active
Action: Moloch

Suricata Alerts

Flow: TCP 192.168.56.103:49163 -> 89.105.223.249:29986
SID: 2054404
Signature: ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
Category: A Network Trojan was detected

Suricata TLS

No Suricata TLS

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.RedLine.i!c
tehtris Generic.Malware
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win32.Vawtrak.hh
ALYac IL:Trojan.MSILZilla.85810
Cylance Unsafe
VIPRE IL:Trojan.MSILZilla.85810
Sangfor Spyware.Msil.Redline.Vx2t
BitDefender IL:Trojan.MSILZilla.85810
Cybereason malicious.ce9c0e
Arcabit IL:Trojan.MSILZilla.D14F32
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan-PSW.MSIL.Reline.xmu
Alibaba Trojan:MSIL/Generic.8ae5bc07
MicroWorld-eScan IL:Trojan.MSILZilla.85810
Emsisoft IL:Trojan.MSILZilla.85810 (B)
F-Secure Trojan.TR/Spy.RedLine.ylasc
DrWeb Trojan.PWS.RedLineNET.16
TrendMicro TrojanSpy.Win32.METASTEALER.YXEIJZ
McAfeeD Real Protect-LS!D11952CCE9C0
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.d11952cce9c0e9a3
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.MSILZilla
Google Detected
Avira TR/Spy.RedLine.ylasc
MAX malware (ai score=86)
Kingsoft malware.kb.a.999
Gridinsoft Trojan.Win32.AI.sa
Microsoft Trojan:MSIL/RedLineStealer.KAF!MTB
ZoneAlarm Trojan-PSW.MSIL.Reline.xmu
GData Win32.Packed.Kryptik.V15BDI
McAfee Artemis!D11952CCE9C0
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4219580674
Ikarus Trojan-Spy.MSIL.Redline
Panda Trj/Chgt.AD
TrendMicro-HouseCall TrojanSpy.Win32.METASTEALER.YXEIJZ
huorong TrojanSpy/RedLine.q
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/RedLine.A!tr.spy
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud Trojan[stealer]:MSIL/RedLine.A