cef9230ad3111e4a233e61b49ac977d4d25849061a90b05c3e7d6f308022b4de | Triage

Submit
Reports

Overview

overview

Static

static

3

Rebel/Bin/...or.exe

windows7-x64

5

Rebel/Bin/...or.exe

windows10-2004-x64

5

Rebel/Bin/Rebel.dll

windows7-x64

1

Rebel/Bin/Rebel.dll

windows10-2004-x64

1

Rebel/Fast...ox.dll

windows7-x64

1

Rebel/Fast...ox.dll

windows10-2004-x64

1

Rebel/Rebe...ed.exe

windows7-x64

Rebel/Rebe...ed.exe

windows10-2004-x64

Rebel/Syst...om.dll

windows7-x64

1

Rebel/Syst...om.dll

windows10-2004-x64

1

Analysis

max time kernel
92s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 13:33

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Rebel/Bin/Injector.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Rebel/Bin/Injector.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Rebel/Bin/Rebel.dll

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

Rebel/Bin/Rebel.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Rebel/FastColoredTextBox.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Rebel/FastColoredTextBox.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Rebel/RebelCracked.exe

Resource

win7-20240903-en

asyncrat stormkitty default discovery persistence privilege_escalation rat spyware stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral8

Sample

Rebel/RebelCracked.exe

Resource

win10v2004-20241007-en

asyncrat stormkitty default discovery persistence phishing privilege_escalation rat spyware stealer

windows10-2004-x64

23 signatures

150 seconds

Behavioral task

behavioral9

Sample

Rebel/System.CodeDom.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Rebel/System.CodeDom.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Rebel/FastColoredTextBox.dll
Size

323KB
MD5

8610f4d3cdc6cc50022feddced9fdaeb
SHA1

4b60b87fd696b02d7fce38325c7adfc9e806f650
SHA256

ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
SHA512

693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
SSDEEP

6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Rebel\FastColoredTextBox.dll,#1
1⤵
PID:4860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy