Summary | ZeroBOX

66e805302f63c_otr.exe

Tags: RedLine Infostealer, UltraVNC, Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Sept. 19, 2024, 9:36 a.m.
Completed Sept. 19, 2024, 9:57 a.m.
Size 395.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d3d2aafaf86262baa7528e397f1ce761
SHA256 36befc5f19af22b3b731c573b8244d7e70a594730789351b3470dcfcaf9a7e71
CRC32 143CE98F
ssdeep 12288:Zh1Lk70Tnvjcd5zpOEa26FvemK2h/JGIBDdY5L:Fk70Trcd5/a2IeRs/J5TY5L
PDB Path
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • UltraVNC_Zero - UltraVNC
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (name / response / post-analysis lookup)
No hostnames resolved; the sample reached its C2 by IP address (see the IP table and the Suricata alert below).

IP addresses (address / status / action)
164.124.101.2 Active Moloch
89.105.223.249 Active Moloch

Suricata Alerts

Flow TCP 192.168.56.101:49162 -> 89.105.223.249:29986
SID 2054404
Signature ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
Category A Network Trojan was detected

The Yara and most AV labels say RedLine while the network rule and TrendMicro say MetaStealer; MetaStealer is a RedLine fork that kept the same .NET Message Framing (MC-NMF) C2 transport, so the two names describe the same traffic and this is not a conflicting verdict.

Suricata TLS

No Suricata TLS

Signatures
pdb_path
section .rsrc: virtual_address 0x00026000, virtual_size 0x00040d9c, size_of_data 0x00040e00, entropy 7.44 (A section with a high entropy has been found)
entropy 0.658 (Overall entropy of this PE file is high; the value is a fraction, not bits per byte: 0x40e00 bytes of high-entropy .rsrc data over about 394.5 KB of section data)
host 89.105.223.249
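To show what the two entropy signatures above actually measure, the following is an added example (not ZeroBOX's own code) that walks a PE section table, computes per-section Shannon entropy and reports the share of section data sitting in high-entropy sections, which is the form the 7.44 and 0.658 figures take. The 6.8 section threshold and the 0.2 overall threshold are assumptions of this example, not values stated on the page, and the input is a constructed minimal PE32 built in memory rather than the analysed sample.

```python
import hashlib
import math
import struct

SECTION_ENTROPY_THRESHOLD = 6.8   # assumed threshold for "high entropy section" (not stated on the page)
OVERALL_RATIO_THRESHOLD = 0.2     # assumed threshold for the whole-file check (not stated on the page)


def shannon_entropy(buf):
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(data):
    """Parse the PE section table; one dict per section with its entropy over the raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)   # COFF NumberOfSections
    (size_opt,) = struct.unpack_from("<H", data, e_lfanew + 20)      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + size_opt   # section headers (40 bytes each) follow the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, va, size_raw, ptr_raw = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[ptr_raw:ptr_raw + size_raw]
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_address": va,
            "virtual_size": vsize,
            "size_of_data": size_raw,
            "entropy": shannon_entropy(raw),
        })
    return sections


def high_entropy_sections(data):
    """Return (flagged, ratio): sections above the threshold, and the share of all section
    data (sum of SizeOfRawData) that those sections account for."""
    sections = pe_sections(data)
    flagged = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    total = sum(s["size_of_data"] for s in sections)
    ratio = sum(s["size_of_data"] for s in flagged) / total if total else 0.0
    return flagged, ratio


def align(n, a):
    return (n + a - 1) & ~(a - 1)


def build_fake_pe(sections, file_align=0x200, sect_align=0x1000):
    """Constructed test input: a minimal PE32 (DOS stub, COFF header, blank optional header,
    section table) wrapping the given (name, bytes) pairs. Not an executable, just a container."""
    e_lfanew, size_opt, num = 0x40, 0xE0, len(sections)
    hdr_end = align(e_lfanew + 4 + 20 + size_opt + 40 * num, file_align)
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (size_opt - 2)
    table, body, ptr_raw, va = b"", b"", hdr_end, sect_align
    for name, data in sections:
        size_raw = align(len(data), file_align)
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(data), va,
                             size_raw, ptr_raw, 0, 0, 0, 0, 0x40000040)
        body += data.ljust(size_raw, b"\x00")
        ptr_raw += size_raw
        va += align(len(data), sect_align)
    header = (dos + b"PE\x00\x00" + coff + opt + table).ljust(hdr_end, b"\x00")
    return header + body


def sample_blob(n):
    """Constructed high-entropy filler (chained SHA-256 digests): deterministic, byte-random,
    standing in for packed or encrypted resource data."""
    out, seed = b"", b"zerobox-example"
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


if __name__ == "__main__":
    pe = build_fake_pe([(".text", bytes(range(16)) * 64), (".rsrc", sample_blob(4096))])
    flagged, ratio = high_entropy_sections(pe)
    for s in flagged:
        print("section %s entropy %.2f size_of_data 0x%08x: high entropy section" %
              (s["name"], s["entropy"], s["size_of_data"]))
    print("overall entropy ratio %.3f -> %s" %
          (ratio, "high" if ratio > OVERALL_RATIO_THRESHOLD else "normal"))
```

Run it with a real sample by replacing the constructed image with `open(path, "rb").read()`; the `.rsrc` line it prints then has the same shape as the signature detail above. Note that the overall figure is a ratio of section bytes, so a small packed stub next to a large plain section can stay under the threshold even though one section is fully encrypted, which is why the per-section check exists alongside it.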
Antivirus (vendor / detection)
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.RedLine.4!c
tehtris Generic.Malware
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Generic
Skyhigh BehavesLike.Win32.Generic.fc
ALYac IL:Trojan.MSILZilla.85810
Cylance Unsafe
VIPRE Trojan.GenericKD.74139970
Sangfor Spyware.Win32.Redline.Voer
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Trojan.GenericKD.74139970
K7GW Spyware ( 005995c91 )
K7AntiVirus Spyware ( 005995c91 )
Arcabit Trojan.Generic.D46B4942
VirIT Trojan.Win32.Genus.WKL
Symantec Trojan.Whispergate
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:MSIL/Generic.1e3b1942
MicroWorld-eScan Trojan.GenericKD.74139970
Emsisoft Trojan.GenericKD.74139970 (B)
F-Secure Trojan.TR/AVI.Agent.osqsk
TrendMicro TrojanSpy.Win32.METASTEALER.YXEIPZ
McAfeeD ti!36BEFC5F19AF
Trapmine malicious.moderate.ml.score
CTX exe.trojan.msil
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.d3d2aafaf86262ba
Webroot W32.Trojan.MSILZilla
Google Detected
Avira TR/AVI.Agent.osqsk
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win32.Generic.sa
Xcitium Malware@#1l9iin0edotkd
Microsoft Trojan:MSIL/RedLineStealer.KAF!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.GenericKD.74139970
Varist W32/ABTrojan.RYJZ-1782
AhnLab-V3 Trojan/Win.Generic.C5671183
McAfee Artemis!D3D2AAFAF862
DeepInstinct MALICIOUS
VBA32 TrojanPSW.RedLine
Malwarebytes Spyware.RedLineStealer
Ikarus Trojan.MSIL.Crypt
Panda Trj/CI.A