Field | Value |
---|---|
Created | 2023.12.12 07:45 |
Machine | s1_win7_x6401 |
Filename | traffico.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : mailcious |
VT API (file) | |
md5 | d46d968df6c8596c4a2dd2e19bd3dadb |
sha256 | 320d7be57b8e56249ba0892fc78bdf7fbae8d54fc8709bc86c7cf98f56189f0e |
ssdeep | 6144:nOf2K2xa/WUE/y6sucuCHVc/AJteztTs/oT:nARUa4cuCHVcmeztCU |
imphash | 6adabf5929912c81c518ab88933ce307 |
impfuzzy | 24:ZYD2djeMjOov1lG/J3IStsQFQ8RyvDkRT4QfalWXyGwtJACe1h+SQw3KQsTL0A:wMCdzts3DgcQfaIXyGwtJACeD4uKQU |
Network IP location
Signature (14cnts)
Level | Description |
---|---|
watch | Collects information about installed applications |
watch | Communicates with host for which no DNS query was performed |
watch | Harvests credentials from local FTP client softwares |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | One or more potentially interesting buffers were extracted |
notice | Queries for potentially installed applications |
notice | Steals private information from local Internet browsers |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
info | Tries to locate where the browsers are installed |
info | Uses Windows APIs to generate a cryptographic key |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Suricata ids
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer Family Activity (Response)
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x414034 GetStringTypeW
0x414038 GetStringTypeA
0x41403c FreeConsole
0x414040 GetModuleHandleA
0x414044 VirtualAlloc
0x414048 LoadLibraryA
0x41404c VirtualProtect
0x414050 GetProcAddress
0x414054 lstrlenW
0x414058 Sleep
0x41405c CreateThread
0x414060 GetLocaleInfoA
0x414064 WaitForSingleObject
0x414068 RtlUnwind
0x41406c RaiseException
0x414070 GetCommandLineA
0x414074 GetLastError
0x414078 HeapFree
0x41407c GetModuleHandleW
0x414080 TlsGetValue
0x414084 TlsAlloc
0x414088 TlsSetValue
0x41408c TlsFree
0x414090 InterlockedIncrement
0x414094 SetLastError
0x414098 GetCurrentThreadId
0x41409c InterlockedDecrement
0x4140a0 HeapAlloc
0x4140a4 TerminateProcess
0x4140a8 GetCurrentProcess
0x4140ac UnhandledExceptionFilter
0x4140b0 SetUnhandledExceptionFilter
0x4140b4 IsDebuggerPresent
0x4140b8 ExitProcess
0x4140bc WriteFile
0x4140c0 GetStdHandle
0x4140c4 GetModuleFileNameA
0x4140c8 FreeEnvironmentStringsA
0x4140cc GetEnvironmentStrings
0x4140d0 FreeEnvironmentStringsW
0x4140d4 WideCharToMultiByte
0x4140d8 GetEnvironmentStringsW
0x4140dc SetHandleCount
0x4140e0 GetFileType
0x4140e4 GetStartupInfoA
0x4140e8 DeleteCriticalSection
0x4140ec HeapCreate
0x4140f0 VirtualFree
0x4140f4 QueryPerformanceCounter
0x4140f8 GetTickCount
0x4140fc GetCurrentProcessId
0x414100 GetSystemTimeAsFileTime
0x414104 GetCPInfo
0x414108 GetACP
0x41410c GetOEMCP
0x414110 IsValidCodePage
0x414114 LeaveCriticalSection
0x414118 EnterCriticalSection
0x41411c HeapReAlloc
0x414120 HeapSize
0x414124 InitializeCriticalSectionAndSpinCount
0x414128 LCMapStringA
0x41412c MultiByteToWideChar
0x414130 LCMapStringW
USER32.dll
0x414138 GetClassInfoA
0x41413c CallWindowProcA
0x414140 SetWindowLongA
0x414144 IsDlgButtonChecked
0x414148 SetWindowTextA
0x41414c CheckDlgButton
0x414150 GetActiveWindow
0x414154 LoadCursorA
0x414158 MessageBoxA
0x41415c wsprintfA
0x414160 GetDlgItemTextA
GDI32.dll
0x414014 GetStockObject
0x414018 DeleteObject
0x41401c SetBkMode
0x414020 SetTextColor
0x414024 CreateFontIndirectA
0x414028 SelectObject
0x41402c GetObjectA
COMDLG32.dll
0x414008 GetSaveFileNameA
0x41400c GetOpenFileNameA
ADVAPI32.dll
0x414000 RegDeleteKeyA
EAT(Export Address Table) is none