Windows Analysis Report
Order.gz.exe

Overview

Sample Name:	Order.gz.exe
Analysis ID:	882714
MD5:	856dbd09409da8b58b98d75bb8b6c7c0
SHA1:	04ac238a5349afe2f3f0a2dffad9cf615130b674
SHA256:	8873e65ad529e832113ee75d5bc8e3a18d150ed475c09e0c6f5ce1458f0bf9a3
Tags:	exeSTRRAT
Infos:
Errors No process behavior to analyse as no analysis process or sample was found Corrupt sample or wrongly selected analyzer. Details: C000007B

RATDispenser

Multi AV Scanner detection for submitted file

Yara detected RATDispenser

JavaScript source code contains large arrays or strings with random content potentially encoding malicious code

AV Detection

Source: Order.gz.exe	ReversingLabs: Detection: 45%
Source: Order.gz.exe	Virustotal: Detection: 44%			Perma Link

Source: Order.gz.exe	ReversingLabs: Detection: 45%
Source: Order.gz.exe	Virustotal: Detection: 44%

Source: classification engine

Classification label: mal56.troj.winEXE@0/0@0/0

Data Obfuscation

Source: Yara match

File source: Order.gz.exe, type: SAMPLE

Source: Order.gz.exe	String : entropy: 5.56, length: 365480, content: 'dmFyIHJlZ0{1}vbnRlbnQgPSAiV2luZ{0}93cyBSZWdpc3RyeSBFZ{0}l0b3IgVmVyc2lvbiA1LjAwX{0}5cbiI7DQpyZWdDb25			Go to definition
Source: Order.gz.exe	String : entropy: 5.16, length: 107, content: 'tw0Tr33.sh1nEKon(\'seaMans["{0}te"]({1});\'.avAmY5(tseT53Fly[2][0], tseT53Fly[2][2] + \'TypedValue"			Go to definition

No Screenshots

Hide Legend

Legend:

⊘No contacted IP infos

ID:	882714
Product:	CloudBasic
Start time:	17:24:35
Start date:	06.06.2023
Sample:	Order.gz.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	856dbd09409da8b58b98d75bb8b6c7c0
SHA1:	04ac238a5349afe2f3f0a2dffad9cf615130b674
SHA256:	8873e65ad529e832113ee75d5bc8e3a18d150ed475c09e0c6f5ce1458f0bf9a3
Filetype:	669 Tracker Module (2002/1) 100.00%