Summary | ZeroBOX

66e010f468498_otr.exe#kisotrmeta

Tags: RedLine Infostealer, UltraVNC, Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category:  FILE
Machine:   s1_win7_x6401
Started:   Sept. 11, 2024, 10:36 a.m.
Completed: Sept. 11, 2024, 10:49 a.m.
Size:      437.5KB
Type:      PE32 executable (GUI) Intel 80386, for MS Windows
MD5:       faaf13f6a1dd574396fea7e084504150
SHA256:    d9ad4db21b4eaf691e7a27bcb995b238cde846ecd4536191fcce303fe76c2bed
CRC32:     70A9D83F
ssdeep:    12288:Fh1Lk70TnvjcH2Pn9TU15SmQ4fi0zm9U5CsTBb5r:Rk70TrcH2P9TU1EmQEjz95Csdb5r
PDB Path:  (empty)
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • UltraVNC_Zero - UltraVNC
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name / Response / Post-Analysis Lookup): no hosts contacted. The sample resolved no DNS names; the only network peer was reached directly by IP address.

IP Address       Status  Action
89.105.223.249   Active  Moloch

Suricata Alerts

Flow:      TCP 192.168.56.101:49162 -> 89.105.223.249:29986
SID:       2054404
Signature: ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
Category:  A Network Trojan was detected
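The rule that fired names MC-NMF, the .NET Message Framing protocol that WCF net.tcp channels speak; the first bytes a client sends on such a connection are a framing preamble (Version, Mode, Via, Known Encoding, then an Upgrade Request when the channel is to be wrapped in TLS, which is where the SNI in the rule name comes from). The parser below is added here as a worked example and is not part of the ZeroBOX report or of the Emerging Threats ruleset. It decodes that preamble from a constructed byte string; the Via URI and upgrade string are assumed values chosen to mirror the flow above, not bytes captured from this sample.

```python
"""Decode an MC-NMF (.NET Message Framing) client preamble from raw TCP payload."""

# Record types from the MC-NMF specification (client-side preamble subset).
REC_VERSION, REC_MODE, REC_VIA, REC_KNOWN_ENC = 0x00, 0x01, 0x02, 0x03
REC_EXT_ENC, REC_UPGRADE_REQ, REC_PREAMBLE_END = 0x04, 0x09, 0x0C

MODES = {0x01: "SingletonUnsized", 0x02: "Duplex", 0x03: "Simplex", 0x04: "SingletonSized"}
ENCODINGS = {
    0x00: "UTF-8 SOAP 1.1", 0x01: "UTF-16 SOAP 1.1", 0x02: "Unicode LE SOAP 1.1",
    0x03: "UTF-8 SOAP 1.2", 0x04: "UTF-16 SOAP 1.2", 0x05: "Unicode LE SOAP 1.2",
    0x06: "MTOM", 0x07: "Binary", 0x08: "Binary (in-band dictionary)",
}


def mb32_encode(value: int) -> bytes:
    """7-bit little-endian varint used for MC-NMF length prefixes (max 5 bytes)."""
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def mb32_decode(data: bytes, pos: int) -> tuple[int, int]:
    """Return (value, new_pos); raise if the varint is malformed or truncated."""
    value, shift = 0, 0
    for _ in range(5):
        if pos >= len(data):
            raise ValueError("truncated length prefix")
        byte = data[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos
    raise ValueError("length prefix longer than 5 bytes")


def read_string(data: bytes, pos: int) -> tuple[str, int]:
    length, pos = mb32_decode(data, pos)
    if pos + length > len(data):
        raise ValueError("truncated string record")
    return data[pos:pos + length].decode("utf-8"), pos + length


def parse_preamble(data: bytes) -> dict:
    """Walk the client preamble; stop at Upgrade Request (client then waits for the
    server's Upgrade Response and a TLS handshake follows) or at Preamble End."""
    out: dict = {}
    pos = 0
    while pos < len(data):
        rtype = data[pos]
        pos += 1
        if rtype == REC_VERSION:
            out["version"] = (data[pos], data[pos + 1])
            pos += 2
        elif rtype == REC_MODE:
            out["mode"] = MODES.get(data[pos], "unknown(0x%02x)" % data[pos])
            pos += 1
        elif rtype == REC_VIA:
            out["via"], pos = read_string(data, pos)
        elif rtype == REC_KNOWN_ENC:
            out["encoding"] = ENCODINGS.get(data[pos], "unknown(0x%02x)" % data[pos])
            pos += 1
        elif rtype == REC_EXT_ENC:
            out["encoding"], pos = read_string(data, pos)
        elif rtype == REC_UPGRADE_REQ:
            out["upgrade"], pos = read_string(data, pos)
            break
        elif rtype == REC_PREAMBLE_END:
            out["preamble_end"] = True
            break
        else:
            raise ValueError("unexpected record type 0x%02x at offset %d" % (rtype, pos - 1))
    return out


def looks_like_nmf_client_hello(data: bytes) -> bool:
    """Cheap pre-filter for flow triage: Version 1.0 record followed by a Mode record."""
    return data[:4] == b"\x00\x01\x00\x01" and len(data) > 4 and data[4] in MODES


# Constructed sample: the Via mirrors the C2 socket in the alert above (assumed, not captured).
VIA = b"net.tcp://89.105.223.249:29986/"
UPGRADE = b"application/ssl-tls"
SAMPLE_PREAMBLE = (
    bytes([REC_VERSION, 0x01, 0x00])               # Version 1.0
    + bytes([REC_MODE, 0x02])                      # Mode: Duplex
    + bytes([REC_VIA]) + mb32_encode(len(VIA)) + VIA
    + bytes([REC_KNOWN_ENC, 0x08])                 # Binary with in-band dictionary
    + bytes([REC_UPGRADE_REQ]) + mb32_encode(len(UPGRADE)) + UPGRADE
)

if __name__ == "__main__":
    print(looks_like_nmf_client_hello(SAMPLE_PREAMBLE), parse_preamble(SAMPLE_PREAMBLE))
```

In practice, feed `parse_preamble` the first client-to-server TCP payload of the flagged flow (for example from `tshark -T fields -e tcp.payload`); a Via of the form `net.tcp://<ip>:<port>/` followed by an `application/ssl-tls` upgrade request is the handshake shape the MC-NMF TLS SNI rule is built around.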

Suricata TLS

No Suricata TLS

Signatures

pdb_path: (empty)
section: .rsrc (virtual_address 0x00026000, virtual_size 0x0004b584, size_of_data 0x0004b600), entropy 7.035: A section with a high entropy has been found
entropy 0.6907: Overall entropy of this PE file is high. This figure is not bits per byte (0.69 bits/byte would be very low); it is the share of section data that fell into high-entropy sections, which is how this packer check reports the whole-file result. Here essentially all of that data is the .rsrc section.
host: 89.105.223.249
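The two entropy findings above come from a per-section Shannon entropy computation followed by a ratio of high-entropy section bytes to all section bytes. The script below reproduces that check end to end as an added worked example; it is not ZeroBOX's or Cuckoo's own code. The thresholds (6.8 bits/byte per section, 0.2 for the overall ratio) are assumptions chosen to match the behaviour the report shows, and the input is a minimal PE32 constructed in memory so the example runs offline; `parse_sections` also works on a real file read as bytes.

```python
"""Reproduce a packer-entropy check: per-section Shannon entropy plus the
high-entropy-data ratio that the sandbox reports as 'overall entropy'."""
import math
import random
import struct
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds (mirroring the report's behaviour; not taken from the page).
SECTION_THRESHOLD = 6.8   # bits per byte
RATIO_THRESHOLD = 0.2     # share of section data that is high-entropy

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    size_of_data: int   # SizeOfRawData, the same field the report prints as size_of_data
    data: bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for uniform data, 8.0 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[Section]:
    """Minimal PE section-table walker (no external dependency)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first_hdr = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HDR, pe, first_hdr + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, raw_size, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def packer_entropy_check(sections: list[Section]) -> dict:
    """Flag high-entropy sections and compute the high-entropy data ratio."""
    total = sum(s.size_of_data for s in sections)
    flagged = [s for s in sections if shannon_entropy(s.data) > SECTION_THRESHOLD]
    high = sum(s.size_of_data for s in flagged)
    ratio = high / total if total else 0.0
    return {"flagged": [s.name for s in flagged], "ratio": ratio,
            "overall_high": ratio > RATIO_THRESHOLD}


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_pe(sections: list[tuple[str, bytes]]) -> bytes:
    """Construct a minimal PE32 with the given sections (test input only, not loadable)."""
    hdr_len = _align(64 + 4 + 20 + 224 + 40 * len(sections), 0x200)
    hdr = bytearray(64)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)                      # e_lfanew
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    hdr += opt
    body, raw_ptr, vaddr = bytearray(), hdr_len, 0x1000
    for name, data in sections:
        raw_size = _align(len(data), 0x200)
        hdr += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), len(data), vaddr,
                           raw_size, raw_ptr, 0, 0, 0, 0, 0x40000040)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += _align(len(data), 0x1000)
    return bytes(hdr.ljust(hdr_len, b"\0") + body)


# Constructed sample: a low-entropy .text and a pseudo-random .rsrc (stands in for packed data).
_rng = random.Random(2024)
SAMPLE_SECTIONS = [
    (".text", b"\x90" * 500 + b"\xcc" * 500),
    (".rsrc", bytes(_rng.getrandbits(8) for _ in range(3000))),
]

if __name__ == "__main__":
    secs = parse_sections(build_pe(SAMPLE_SECTIONS))
    for s in secs:
        print(f"{s.name:8} size_of_data=0x{s.size_of_data:08x} entropy={shannon_entropy(s.data):.3f}")
    print(packer_entropy_check(secs))
```

Run against this sample's bytes, the same logic flags `.rsrc` at about 7.04 bits/byte and reports a ratio near 0.69, so the "overall entropy" line should be read as "roughly 69% of the section data is in high-entropy sections", not as a bits-per-byte figure.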
Antivirus results (vendor, detection name)

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.RedLine.i!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Agent
Skyhigh BehavesLike.Win32.Generic.gc
ALYac IL:Trojan.MSILZilla.85810
Cylance Unsafe
VIPRE IL:Trojan.MSILZilla.85810
Sangfor Spyware.Msil.Redline.Vfxi
BitDefender IL:Trojan.MSILZilla.85810
Cybereason malicious.6a1dd5
Arcabit IL:Trojan.MSILZilla.D14F32
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan-PSW.MSIL.Reline.xmv
Alibaba Trojan:MSIL/Generic.094a1e20
MicroWorld-eScan IL:Trojan.MSILZilla.85810
Emsisoft IL:Trojan.MSILZilla.85810 (B)
F-Secure Trojan.TR/Spy.RedLine.zzzlv
DrWeb Trojan.PWS.RedLineNET.16
TrendMicro TrojanSpy.Win32.REDLINE.YXEIJZ
McAfeeD Real Protect-LS!FAAF13F6A1DD
Trapmine malicious.high.ml.score
FireEye Generic.mg.faaf13f6a1dd5743
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Webroot W32.Trojan.MSILZilla
Google Detected
Avira TR/Spy.RedLine.zzzlv
MAX malware (ai score=85)
Kingsoft malware.kb.a.995
Gridinsoft Malware.Win32.RedLine.tr
Microsoft Trojan:MSIL/RedLineStealer.KAF!MTB
ZoneAlarm Trojan-PSW.MSIL.Reline.xmv
GData IL:Trojan.MSILZilla.85810
Varist W32/ABTrojan.HOUN-0530
McAfee Artemis!FAAF13F6A1DD
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4219580674
Ikarus Trojan.MSIL.Crypt
Panda Trj/Chgt.AD
TrendMicro-HouseCall TrojanSpy.Win32.REDLINE.YXEIJZ
huorong TrojanSpy/RedLine.q
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/RedLine.A!tr.spy
AVG Win32:Malware-gen