ScreenShot
| Created | 2024.07.12 09:45 | Machine | s1_win7_x6401 |
| Filename | ddmc.txt.exe | ||
| Type | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (AIDetectMalware, Windows, RedLineStealer, Unsafe, Save, Malicious, Generic@AI, RDMK, cmRtazqKFqDfNrwTLBwneO8hHQaV, score, Generic ML PUA, Detected, Eldorado, ZexaF, QmZ@a8mlCWp, Static AI, Malicious PE, PossibleThreat, confidence) | ||
| md5 | ec4eddc1c6478a9b66e1884925326379 | ||
| sha256 | 5a4ad5da35e57e1dc2a26c280acdc9e03da8b8037c198784f6c6a050d972c820 | ||
| ssdeep | 6144:BFiDep+oR+FQQIGULMQoyvExtk26rZU/bPmSasbp3D68xBiCJZCdoi/afdEO3n0U:viipf/GaLvEKa6c3DrBFJwcE | ||
| imphash | |||
| impfuzzy | 3:: | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | RedLine_Stealer_b_Zero | RedLine stealer | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Win32_Trojan_PWS_Net_1_Zero | Win32 Trojan PWS .NET Azorult | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|