Summary | ZeroBOX

66e464075714d_otr.exe#kisotrmeta

Tags: RedLine Infostealer, UltraVNC, Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: Sept. 17, 2024, 1:17 p.m.
Completed: Sept. 17, 2024, 1:26 p.m.
Size 359.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 39792b5d0b6a20c9216623181135f397
SHA256 bbaeba4917907adf31d3c06d6237d3031286cd31345a51991b39710f49458ffb
CRC32 D32A967C
ssdeep 6144:7DKW1Lgbdl0TBBvjc/52PnizyTUTwKQgS0sVozEHIdg/SOo9cubLI:Ph1Lk70Tnvjcx2Pn9TUkvHIS/SOoWuPI
PDB Path
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • UltraVNC_Zero - UltraVNC
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name / Response / Post-Analysis Lookup)
No domains resolved: the sample reached its C2 by raw IP address, so there is no DNS lookup to pivot on.

Hosts (IP Address / Status)
89.105.223.249 Active

Suricata Alerts

Flow: TCP 192.168.56.101:49162 -> 89.105.223.249:29986
SID: 2054404
Signature: ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
Category: A Network Trojan was detected

The YARA rule and most vendor names say RedLine while the network signature says MetaStealer; the two are not in conflict. MetaStealer is a RedLine derivative and both use the same .NET message-framing (MC-NMF) transport for C2, which is what this rule keys on. The C2 listens on a high, non-standard port (29986), a useful detail for egress filtering and flow-log hunting.

Suricata TLS

No Suricata TLS

Static analysis marks

pdb_path: (empty)
section .rsrc: virtual_address 0x00026000, virtual_size 0x00037b0c, size_of_data 0x00037c00, entropy 6.956; a section with high entropy has been found (per-section threshold 6.8 bits/byte)
overall: 0.623 of the file's section data lies in high-entropy sections; overall entropy of this PE file is high (flagged when this share exceeds 0.2). Note that this value is not a Shannon entropy of the whole file but the fraction of section bytes belonging to sections above the per-section threshold.
host: 89.105.223.249

The .rsrc section holds 0x37c00 bytes (about 228 KB of the 359 KB file) at 6.96 bits/byte, consistent with a compressed or encrypted embedded payload. The file type is a native Intel 80386 PE32 while nearly every vendor name is MSIL-based (RedLine and MetaStealer are .NET stealers), so the sample is best read as a native wrapper carrying a .NET payload; the report includes no unpacked stage, so the .rsrc contents are not confirmed here.
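The two entropy marks above come from a simple heuristic: a section is reported when its Shannon entropy exceeds 6.8 bits/byte, and the whole file is flagged when more than 0.2 of its section data sits in such sections (the thresholds of Cuckoo's packer_entropy signature, which ZeroBOX is built on). The following Python is an added example, not ZeroBOX's code, that parses a PE section table, computes both values and applies the same rule. Because the analysed sample is not on the page, the script builds a small constructed PE32 image in memory (an assumption, not the 359 KB file above) with one low-entropy code section and one high-entropy .rsrc section, so the reader can see what a triage tool would report.

```python
import hashlib
import json
import math
import struct

# Thresholds used by Cuckoo's packer_entropy signature (the source of the two marks above)
HIGH_ENTROPY_SECTION = 6.8  # bits per byte; a section above this is reported individually
HIGH_ENTROPY_RATIO = 0.2    # share of section data that must be high-entropy to flag the file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk the PE section table; return (name, raw_ptr, raw_size, vaddr, vsize) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i              # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, rptr, rsize, vaddr, vsize))
    return sections


def entropy_report(pe: bytes) -> dict:
    """Apply the per-section and whole-file entropy rules to a PE image."""
    total = high = 0
    sections = []
    for name, rptr, rsize, vaddr, vsize in parse_sections(pe):
        ent = shannon_entropy(pe[rptr:rptr + rsize])
        sections.append({"name": name, "virtual_address": f"0x{vaddr:08x}",
                         "virtual_size": f"0x{vsize:08x}", "size_of_data": f"0x{rsize:08x}",
                         "entropy": round(ent, 3), "high_entropy": ent > HIGH_ENTROPY_SECTION})
        total += rsize
        if ent > HIGH_ENTROPY_SECTION:
            high += rsize
    ratio = high / total if total else 0.0  # share of raw section bytes in high-entropy sections
    return {"sections": sections, "high_entropy_ratio": round(ratio, 3),
            "overall_entropy_high": ratio > HIGH_ENTROPY_RATIO}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-rsrc") -> bytes:
    """Deterministic high-entropy filler standing in for a packed payload (constructed data)."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_pe(sections, align=0x200) -> bytes:
    """Build a minimal, non-runnable PE32 image from [(name, payload)].
    Constructed test input for the parser; this is not the analysed sample."""
    n, opt_size = len(sections), 224                     # PE32 optional header is 224 bytes
    headers_len = -(-(0x40 + 4 + 20 + opt_size + 40 * n) // align) * align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    table, body = bytearray(), bytearray()
    raw_ptr, vaddr = headers_len, 0x1000
    for name, payload in sections:
        rsize = -(-len(payload) // align) * align        # SizeOfRawData rounded to file alignment
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(payload), vaddr,
                             rsize, raw_ptr, 0, 0, 0, 0, 0x40000040)  # INITIALIZED_DATA|READ
        body += payload.ljust(rsize, b"\0")
        raw_ptr += rsize
        vaddr += -(-len(payload) // 0x1000) * 0x1000
    return bytes((dos + b"PE\0\0" + coff + opt + table).ljust(headers_len, b"\0") + body)


# Constructed sample: 3000 bytes of repetitive "code" plus 8 KB of packed-looking resource data
SAMPLE_PE = build_sample_pe([
    (".text", b"\x55\x8b\xec\x83\xec" * 600),
    (".rsrc", pseudo_random_bytes(8192)),
])

if __name__ == "__main__":
    print(json.dumps(entropy_report(SAMPLE_PE), indent=2))
```

On the constructed image the .rsrc section comes out near 8.0 bits/byte and accounts for about 0.73 of the section data, so both rules fire, mirroring the 6.956 / 0.623 pair in the report. To apply it to a real file, pass `open(path, "rb").read()` to `entropy_report`; the ratio only reflects sections, so a payload appended as an overlay past the last section is not counted, which is one reason a low ratio alone should not clear a file.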
Antivirus (engine / result)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.RedLine.i!c
tehtris Generic.Malware
MicroWorld-eScan Trojan.GenericKD.74134988
CAT-QuickHeal TrojanSpy.MSIL
Skyhigh BehavesLike.Win32.Backdoor.fh
ALYac IL:Trojan.MSILZilla.85810
Cylance Unsafe
VIPRE IL:Trojan.MSILZilla.85810
Sangfor Spyware.Msil.Redline.Vll6
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Trojan.GenericKD.74134988
K7GW Spyware ( 005995c91 )
K7AntiVirus Spyware ( 005995c91 )
Arcabit Trojan.Generic.D46B35CC
VirIT Trojan.Win32.Genus.WKG
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky Trojan-PSW.MSIL.Reline.xnk
Alibaba TrojanPSW:MSIL/Reline.9db40f38
Emsisoft Trojan.GenericKD.74134988 (B)
F-Secure Trojan.TR/AVI.Agent.lbxlf
DrWeb Trojan.PWS.RedLineNET.16
TrendMicro TrojanSpy.Win32.METASTEALER.YXEIOZ
McAfeeD ti!BBAEBA491790
Trapmine malicious.moderate.ml.score
CTX exe.trojan.msil
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.39792b5d0b6a20c9
Google Detected
Avira TR/AVI.Agent.lbxlf
Kingsoft malware.kb.a.995
Gridinsoft Malware.Win32.RedLine.tr
Microsoft Trojan:MSIL/RedLineStealer.KAF!MTB
ZoneAlarm Trojan-PSW.MSIL.Reline.xnk
GData Trojan.GenericKD.74134988
Varist W32/ABTrojan.UWZS-2838
AhnLab-V3 Trojan/Win.MSILZilla.C5670860
McAfee Artemis!39792B5D0B6A
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4219580674
Ikarus Trojan.MSIL.Crypt
Panda Trj/Chgt.AD
TrendMicro-HouseCall TrojanSpy.Win32.METASTEALER.YXEIOZ
Tencent Msil.Trojan-QQPass.QQRob.Osmw