Summary | ZeroBOX

66e80492300c8_cry.exe

RedLine Infostealer, UltraVNC, Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started Sept. 19, 2024, 9:35 a.m.
Completed Sept. 19, 2024, 9:37 a.m.
Size 654.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fef7cb7c3bd0e8204e3e7fecc544e6e6
SHA256 ccd618556eeb84dc0835e09b6e64560f46ad3b36709644916de265f1da3e1d6a
CRC32 7CC07C4D
ssdeep 12288:3h1Lk70TnvjcJ5zpOEa26FvemKOM/HTJXSpNLKEQgNibnHWJg4TSL:jk70TrcJ5/a2IeROM/V+NLKINCn2Z2
PDB Path
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • UltraVNC_Zero - UltraVNC
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
89.105.223.249 Active Moloch

Suricata Alerts

Flow TCP 192.168.56.103:49163 -> 89.105.223.249:29986
SID 2054404
Signature ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
Category A Network Trojan was detected

Suricata TLS

No Suricata TLS

pdb_path
section .rsrc: size_of_data 0x00081a00, virtual_address 0x00026000, virtual_size 0x00081890, entropy 6.997780822675416; description: A section with a high entropy has been found
entropy 0.793420045907; description: Overall entropy of this PE file is high
host 89.105.223.249

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.RedLine.i!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
CAT-QuickHeal Backdoor.MSIL
Skyhigh BehavesLike.Win32.Generic.jc
ALYac Trojan.GenericKD.74147641
Cylance Unsafe
VIPRE Trojan.GenericKD.74139895
Sangfor Spyware.Msil.Redline.Vgvv
K7AntiVirus Spyware ( 005995c91 )
BitDefender Trojan.GenericKD.74139895
K7GW Spyware ( 005995c91 )
Arcabit Trojan.Generic.D46B48F7
VirIT Trojan.Win32.Genus.WKL
Symantec Trojan.Whispergate
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan-PSW.MSIL.Reline.xnm
Alibaba TrojanPSW:MSIL/Reline.e82d7d14
MicroWorld-eScan Trojan.GenericKD.74139895
Emsisoft Trojan.GenericKD.74139895 (B)
F-Secure Trojan.TR/Spy.RedLine.poqsi
DrWeb Trojan.PWS.Stealer.21213
TrendMicro TrojanSpy.Win32.METASTEALER.YXEIPZ
McAfeeD ti!CCD618556EEB
Trapmine malicious.high.ml.score
CTX exe.trojan.msil
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.fef7cb7c3bd0e820
Webroot W32.Trojan.MSILZilla
Google Detected
Avira TR/Spy.RedLine.poqsi
Kingsoft MSIL.Trojan-PSW.Reline.a
Gridinsoft Malware.Win32.RedLine.tr
Xcitium Malware@#14rqj0yeow8fl
Microsoft Trojan:MSIL/RedLineStealer.KAF!MTB
ZoneAlarm Trojan-PSW.MSIL.Reline.xnm
GData Trojan.GenericKD.74139895
Varist W32/ABTrojan.HLEA-9109
AhnLab-V3 Trojan/Win.MSILZilla.C5671178
McAfee Artemis!FEF7CB7C3BD0
DeepInstinct MALICIOUS
VBA32 TrojanPSW.RedLine
Malwarebytes Spyware.RedLineStealer
Ikarus Packed.Win32.Crypt
Panda Trj/Chgt.AD