RedLine.E,RedLine.F | 6fea47929205

Classifications

Spyware

Threat Names

RedLine.E RedLine.F Mal/HTMLGen-A

Dynamic Analysis Report

Created on 2024-05-09T12:11:54+00:00

Debut.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\Debut.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	168.58 KB
MD5	89dd9b90e6df2ebe2a3bd8071a3f22b2
SHA1	05c5199b9e0865bbb36822f3ea3470d41aaf5531
SHA256	6fea47929205ee6ccaf014456c2ce24b6fcd330722cf3bffba2b3085cd2d1594
SSDeep	1536:wPCNTP3mqlVZRGW6sRrrmMn8JlwVJWHGTGqVQbuwgSFOuZS67d83wYkS8e8hd:wPCZeX2tD+qVgzF/ZS67dA8e8hd
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict

Malicious

PE Information

Image Base	0x00400000
Entry Point	0x0042208E
Size Of Code	0x00020200
Size Of Initialized Data	0x00009E00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2094-12-31 02:23 (UTC+1)

Version Information (11)

Comments	Helps boost CPU
CompanyName	-
FileDescription	Nirtro CPU
FileVersion	15.9.1.22
InternalName	Debut.exe
LegalCopyright	NireoNO1 Corporation Copyright © 2021
LegalTrademarks	-
OriginalFilename	Debut.exe
ProductName	Nitro NO2
ProductVersion	15.9.1.22
Assembly Version	1.9.2.1440

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00020094	0x00020200	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.18
.rsrc	0x00424000	0x00009B3E	0x00009C00	0x00020400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.25
.reloc	0x0042E000	0x0000000C	0x00000200	0x0002A000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0002205C	0x0002025C	0x00000000

Memory Dumps (5)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
debut.exe	1	0x007B0000	0x007DFFFF	Relevant Image	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x008D0000	0x008D0FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0239E000	0x0239FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00187000	0x0018FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00A46240	0x00A462BF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump

YARA Matches (2)

Rule Name	Rule Description	Classification	Score	Actions
RedLine_E	RedLine Stealer, RedLine.E variant	Spyware	5/5	... Actions Show Ruleset Show Match
RedLine_F	RedLine Stealer, RedLine.F variant	Spyware	5/5	... Actions Show Ruleset Show Match

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information