Malware Analysis Report

2025-06-15 20:18

Sample ID 241215-2gm89sskep
Target rlmarlbotV1.7.1.rar
SHA256 94d6c3c8d433e90bb4d3d6627c64c08310cc1c53c291496ed8d3f14e818032eb
Tags
upx pyinstaller pysilon
score
10/10

Analysis Overview

score
10/10

SHA256

94d6c3c8d433e90bb4d3d6627c64c08310cc1c53c291496ed8d3f14e818032eb

Threat Level: Known bad

The file rlmarlbotV1.7.1.rar was found to be: Known bad.

Malicious Activity Summary

upx pyinstaller pysilon

Detect Pysilon

Pysilon family

Loads dropped DLL

UPX packed file

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-12-15 22:33

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 22:33

Reported

2024-12-15 22:36

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe N/A
(this row is repeated 64 times in the report)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(this row is repeated 64 times in the report)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe

"C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe"

C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe

"C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI18482\pip-24.3.1.dist-info\top_level.txt

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI18482\python39.dll

MD5 1661de9dc158325038ea32685a182107
SHA1 31a5b206059bfbdd333a43e800cb466f5e5a4d1a
SHA256 21396ce6f622f16d6cba3d8ac1f469654fa49d9edd57d407919012fe26b03a0c
SHA512 d8c50191f5adbca5b5d2693b13453765d0130ebcef6f4525865b2f7b93863134592aa3c0c91f92c7d5edb3d8ddf5a190ec76417717250035bcd66aeb11510656

memory/2260-1121-0x00007FFCE6E00000-0x00007FFCE7281000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\VCRUNTIME140.dll

MD5 8697c106593e93c11adc34faa483c4a0
SHA1 cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256 ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512 724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

C:\Users\Admin\AppData\Local\Temp\_MEI18482\base_library.zip

MD5 077f614c0d45a14b87aa769da7277165
SHA1 edd2f5a6bfffc3b5b7705fa179054ee4c46617f1
SHA256 1888bebd2e4d139168e11ce69b9100e4f6d6fa038436155adbdcd2bede8419a3
SHA512 d46896f4a1a50ca660c5b1b2825e39883535dc6bafb3c64da5b185e05197f1b1d319c26fb9d875d70ead73ea2d7dcc02fa5bc3e22187bf65278493dcc951ad1e

C:\Users\Admin\AppData\Local\Temp\_MEI18482\python3.DLL

MD5 3c88de1ebd52e9fcb46dc44d8a123579
SHA1 7d48519d2a19cac871277d9b63a3ea094fbbb3d9
SHA256 2b22b6d576118c5ae98f13b75b4ace47ab0c1f4cd3ff098c6aee23a8a99b9a8c
SHA512 1e55c9f7ac5acf3f7262fa2f3c509ee0875520bb05d65cd68b90671ac70e8c99bce99433b02055c07825285004d4c5915744f17eccfac9b25e0f7cd1bee9e6d3

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_ctypes.pyd

MD5 9d0244aa7a8027a8ce62d3eefdfd162c
SHA1 9200e2ce8204f8bb8df1a546970821f20b418a32
SHA256 229f0a587a6f95beacc98cfbd8fb013da7a73ee0814fdda56663a0ceeeef9146
SHA512 bdcae827a325c22e42c693b89d8349ae88d2d9f23604890cc4d80559c0599e2b550b7c85f1873355af712649ef657f2ecb7626119bd8612594dc8ec02b9b0295

memory/2260-1128-0x00007FFCF6320000-0x00007FFCF6344000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\libffi-7.dll

MD5 36b9af930baedaf9100630b96f241c6c
SHA1 b1d8416250717ed6b928b4632f2259492a1d64a4
SHA256 d2159e1d1c9853558b192c75d64033e09e7de2da2b3f1bf26745124ed33fbf86
SHA512 5984b32a63a4440a13ebd2f5ca0b22f1391e63ac15fe67a94d4a579d58b8bb0628980a2be484ac65ad3a215bbe44bd14fe33ec7b3581c6ab521f530395847dd5

memory/2260-1130-0x00007FFCF65D0000-0x00007FFCF65DF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_bz2.pyd

MD5 3e0a3173965c17754327f30964523591
SHA1 51590bb0b68415bb6de2ee86f10e83d1c540e16c
SHA256 0ba650329181cebdb1636bfbdba322c91b2cb8e6b7f141a49b7156cb51113d8d
SHA512 51ace698687f763dadde2729a1a4ef89b18a817f17332580d627b31ef19068e147c5af893a3b398643ca5e0e81441313b4f6968dbdc9ee5b95fe5f4854dd3c81

memory/2260-1134-0x00007FFCF6300000-0x00007FFCF631B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_lzma.pyd

MD5 9a55807535a4025c7434c7bb1908e5e7
SHA1 2284fd3c66d3108139a074585fc27db66b414631
SHA256 654346a8c734df69664a21ac29cc2227b69bae46eda4592e40bfe6e2507ea455
SHA512 065b56b1ce23dfbcec17ef277ad7d6bddef3c98ee5ef2fe73f9e853945fd889660c1a0bb6cae82bd2958c0446ece28e9377478f568a18ece7b3856c05845a818

C:\Users\Admin\AppData\Local\Temp\_MEI18482\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

memory/2260-1160-0x00007FFCF62D0000-0x00007FFCF62FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_hashlib.pyd

MD5 8e2fbf6421fef8f2dcba4937c983080f
SHA1 c8d2597225329d85b361b00d9a4fc68835bbf683
SHA256 d873ec397f6c5861c0254c3d4bf01a8cac7298258354dc3909486375aaffdfe7
SHA512 821ce86d2d8c71fdfb7d6678b87032352ae728934db6843c6c69703620909e05bdeddaa4ccc764091337f61a3fb1dd3925c44c3f4e92797687d9eb1fc77eab92

memory/2260-1162-0x00007FFCF62B0000-0x00007FFCF62C7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\libcrypto-1_1.dll

MD5 3ba3ec8c8e092360c72b93c4bdf3d655
SHA1 aff2407b6aa96effd1e15f2f724616a0f2a8811d
SHA256 8d671bc3f80a0ffe684943f4f650fe52db35a9da81f81a1354c31c5d092349b7
SHA512 44eb07fcc8f6faa122bdca482c5b80b2f578761f2d4162ccfb5d42cc772fa5dd2183babd736275bb172703cd544e1f1114518790f63dd7af8893711eb64f2d83

memory/2260-1164-0x00007FFCE6A90000-0x00007FFCE6DFC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\select.pyd

MD5 df15dad66a96ee63ad4829ed795a7941
SHA1 be8963f0ec86d87213f800da2930100d4e24f440
SHA256 375251b4012d91d4588a27ea23f2ebb6c70666ddfd7b1ebf47529dc52282591c
SHA512 7550edc9e6cb8cb47ec12e37e6861e97fc17a93bbbb910b962a2932d162b515e3a79a5ed21f07c4efc370d576bde64708f00001e8110b8a13d224d11fb307eae

C:\Users\Admin\AppData\Local\Temp\_MEI18482\libssl-1_1.dll

MD5 bbc7d150cd0458ee620a4de481579f5e
SHA1 8392e442ed1213d210be8176ff84670104215725
SHA256 b222ee42f103f20e5e4e74d5f5db39de894602cea05a904661b4c31ed0a39361
SHA512 c70490a0d545cceb5579fe31b48508220fe1bc2bad2daf47c2ef04a619fb7da3a7f0d4ace83c93d1b78998413ef57acbeaea774f62ba1272c759e4f53e4644dd

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_queue.pyd

MD5 f175bd8cb421ecea0d2b98a476fcc5a2
SHA1 0c097e0c4c56cbb001c2a0d23ff40cec1270326e
SHA256 7f82118cacc95016aa479e628c7e29d0c55221367f66908682e8421b9be9d0b0
SHA512 f4c45d4596b0eabce548cbeff1c6ad8f3b638dd802942a206c0bc0601e8c209db715daf8d9c2c12c6ca62a56782aaaf266bb7b683f29a1005cb6b8c3dcf3be0b

C:\Users\Admin\AppData\Local\Temp\_MEI18482\unicodedata.pyd

MD5 90a31c930b2581914530ecd431b9ebd6
SHA1 e2b33ce38ad733a8b88b1bf161698ea39c86da07
SHA256 17efd11d81d845b4c803253891f4628be8cf09a4d8bd999ab1f575dc10dc6906
SHA512 f4c565903966d11983925dcb98f4730d09c9c489e3d38ecd060ab36226e1bf59e5f87b35d8dac2c52aaa1aeb5c0fd73a65a0592f69b0eb9b99844931c469f670

C:\Users\Admin\AppData\Local\Temp\_MEI18482\certifi\cacert.pem

MD5 50ea156b773e8803f6c1fe712f746cba
SHA1 2c68212e96605210eddf740291862bdf59398aef
SHA256 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47
SHA512 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

C:\Users\Admin\AppData\Local\Temp\_MEI18482\Crypto\Cipher\_raw_cbc.pyd

MD5 270fd535f94a87b973874b33f35e5af8
SHA1 bb7113a47070b629e878502fc1d929879850856b
SHA256 b7ab0516b698a9f4ef50f08ef53af907c83d841d117af16ca742b7e186d3ef51
SHA512 829dc409327562736b7d58df6e5e78e8e7595b08fa2c5a993a595032386946ccdf1ef62311c44ffbc31c41165511b40251457a0cf7b92ecec3342850876e5d31

memory/2260-1217-0x00007FFCF5E90000-0x00007FFCF5EB7000-memory.dmp

memory/2260-1224-0x00007FFCECD50000-0x00007FFCECD5C000-memory.dmp

memory/2260-1232-0x00007FFCE6A70000-0x00007FFCE6A81000-memory.dmp

memory/2260-1235-0x00007FFCE6A10000-0x00007FFCE6A2E000-memory.dmp

memory/2260-1241-0x00007FFCE6920000-0x00007FFCE693D000-memory.dmp

memory/2260-1249-0x00007FFCE6740000-0x00007FFCE674B000-memory.dmp

memory/2260-1266-0x00007FFCE6660000-0x00007FFCE666C000-memory.dmp

memory/2260-1269-0x00007FFCE6530000-0x00007FFCE655B000-memory.dmp

memory/2260-1270-0x00007FFCE62E0000-0x00007FFCE6529000-memory.dmp

memory/2260-1268-0x00007FFCE6560000-0x00007FFCE661C000-memory.dmp

memory/2260-1271-0x00007FFCE5B50000-0x00007FFCE62DA000-memory.dmp

memory/2260-1267-0x00007FFCE6620000-0x00007FFCE6655000-memory.dmp

memory/2260-1265-0x00007FFCE6670000-0x00007FFCE6682000-memory.dmp

memory/2260-1264-0x00007FFCE6690000-0x00007FFCE669D000-memory.dmp

memory/2260-1263-0x00007FFCE66C0000-0x00007FFCE66CB000-memory.dmp

memory/2260-1262-0x00007FFCE66A0000-0x00007FFCE66AB000-memory.dmp

memory/2260-1261-0x00007FFCE66B0000-0x00007FFCE66BC000-memory.dmp

memory/2260-1260-0x00007FFCE66D0000-0x00007FFCE66DB000-memory.dmp

memory/2260-1259-0x00007FFCE67A0000-0x00007FFCE6918000-memory.dmp

memory/2260-1258-0x00007FFCE6920000-0x00007FFCE693D000-memory.dmp

memory/2260-1257-0x00007FFCE66E0000-0x00007FFCE66EC000-memory.dmp

memory/2260-1256-0x00007FFCE66F0000-0x00007FFCE66FE000-memory.dmp

memory/2260-1255-0x00007FFCE6700000-0x00007FFCE670D000-memory.dmp

memory/2260-1254-0x00007FFCE6710000-0x00007FFCE671C000-memory.dmp

memory/2260-1253-0x00007FFCE6950000-0x00007FFCE697E000-memory.dmp

memory/2260-1252-0x00007FFCE6720000-0x00007FFCE672B000-memory.dmp

memory/2260-1251-0x00007FFCE6980000-0x00007FFCE69A9000-memory.dmp

memory/2260-1250-0x00007FFCE6730000-0x00007FFCE673C000-memory.dmp

memory/2260-1248-0x00007FFCE6750000-0x00007FFCE675C000-memory.dmp

memory/2260-1247-0x00007FFCE6760000-0x00007FFCE676B000-memory.dmp

memory/2260-1246-0x00007FFCE6770000-0x00007FFCE677B000-memory.dmp

memory/2260-1245-0x00007FFCE6A30000-0x00007FFCE6A63000-memory.dmp

memory/2260-1244-0x00007FFCE6780000-0x00007FFCE6798000-memory.dmp

memory/2260-1243-0x00007FFCEC6E0000-0x00007FFCEC72D000-memory.dmp

memory/2260-1242-0x00007FFCE67A0000-0x00007FFCE6918000-memory.dmp

memory/2260-1240-0x00007FFCEC750000-0x00007FFCEC76B000-memory.dmp

memory/2260-1239-0x00007FFCE6950000-0x00007FFCE697E000-memory.dmp

memory/2260-1238-0x00007FFCEC770000-0x00007FFCEC792000-memory.dmp

memory/2260-1237-0x00007FFCE6980000-0x00007FFCE69A9000-memory.dmp

memory/2260-1236-0x00007FFCE69B0000-0x00007FFCE6A0D000-memory.dmp

memory/2260-1234-0x00007FFCECCE0000-0x00007FFCECCEC000-memory.dmp

memory/2260-1233-0x00007FFCE6A30000-0x00007FFCE6A63000-memory.dmp

memory/2260-1231-0x00007FFCEC6E0000-0x00007FFCEC72D000-memory.dmp

memory/2260-1230-0x00007FFCEC730000-0x00007FFCEC748000-memory.dmp

memory/2260-1229-0x00007FFCEC750000-0x00007FFCEC76B000-memory.dmp

memory/2260-1228-0x00007FFCEC770000-0x00007FFCEC792000-memory.dmp

memory/2260-1227-0x00007FFCECCF0000-0x00007FFCECD04000-memory.dmp

memory/2260-1226-0x00007FFCECD10000-0x00007FFCECD21000-memory.dmp

memory/2260-1225-0x00007FFCECD30000-0x00007FFCECD46000-memory.dmp

memory/2260-1223-0x00007FFCEFEE0000-0x00007FFCEFEF2000-memory.dmp

memory/2260-1222-0x00007FFCEFF00000-0x00007FFCEFF0D000-memory.dmp

memory/2260-1221-0x00007FFCF1820000-0x00007FFCF1857000-memory.dmp

memory/2260-1220-0x00007FFCEFF10000-0x00007FFCEFF1B000-memory.dmp

memory/2260-1219-0x00007FFCF0470000-0x00007FFCF047C000-memory.dmp

memory/2260-1218-0x00007FFCEFF20000-0x00007FFCF0038000-memory.dmp

memory/2260-1216-0x00007FFCF0480000-0x00007FFCF048B000-memory.dmp

memory/2260-1215-0x00007FFCF0490000-0x00007FFCF049B000-memory.dmp

memory/2260-1214-0x00007FFCF04A0000-0x00007FFCF04AC000-memory.dmp

memory/2260-1213-0x00007FFCF0040000-0x00007FFCF00F6000-memory.dmp

memory/2260-1212-0x00007FFCF2110000-0x00007FFCF211E000-memory.dmp

memory/2260-1211-0x00007FFCF5EC0000-0x00007FFCF5EED000-memory.dmp

memory/2260-1210-0x00007FFCF2120000-0x00007FFCF212D000-memory.dmp

memory/2260-1209-0x00007FFCF52D0000-0x00007FFCF52DC000-memory.dmp

memory/2260-1208-0x00007FFCF6290000-0x00007FFCF62A9000-memory.dmp

memory/2260-1207-0x00007FFCF5C60000-0x00007FFCF5C6B000-memory.dmp

memory/2260-1206-0x00007FFCF5790000-0x00007FFCF579B000-memory.dmp

memory/2260-1205-0x00007FFCF5BE0000-0x00007FFCF5BEC000-memory.dmp

memory/2260-1204-0x00007FFCF5C40000-0x00007FFCF5C4B000-memory.dmp

memory/2260-1203-0x00007FFCF5C50000-0x00007FFCF5C5C000-memory.dmp

memory/2260-1202-0x00007FFCF5F40000-0x00007FFCF5F4B000-memory.dmp

memory/2260-1201-0x00007FFCE6A90000-0x00007FFCE6DFC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\Crypto\Util\_strxor.pyd

MD5 f005aaf26aec57fea2d362d847c72782
SHA1 0fba11f1adc5fd3c7c79214d29cb40ea8ce427b9
SHA256 73f4d8110d6c173b5c49e704af8e3c09e2a89ec7913da585b508bd4f27bfb730
SHA512 eab34d272e335ae6de09a0ffbc7b7c81f62147ea78f42d3b9bc9985842bd9783672ab2267fca10b08f5852087faa4859a32ac4fd10e3538156e79e4bd612ca67

C:\Users\Admin\AppData\Local\Temp\_MEI18482\Crypto\Cipher\_raw_ctr.pyd

MD5 5289590e846458681ab5f88ea5c0e794
SHA1 ad6bc58e1566651bdd7508ce95b1c7e7f9bb9879
SHA256 c1b02d5892df640cb390a4295b37bed1bd7adbf8db79298fc3ceca228fb99612
SHA512 62c8fb2c148acef74e07f19a7d8036e2a8febeed064899317787c60be87066df61b75d75ccbaf155ead68129ff5ad021f9e83d7c6a3c33669ef38ecd9895104f

C:\Users\Admin\AppData\Local\Temp\_MEI18482\Crypto\Cipher\_raw_ofb.pyd

MD5 162c4224976c7636cbdffb3bd8a41994
SHA1 db24eaad4a68ec9524d21c6ea649da81e401b78e
SHA256 1831f1c3857b95a2e6b923cb230b935fe839a64b0dc5aaba5aa92e31a9971551
SHA512 a53c4c2fbead0ec2c8c321d4c6edec287b4eb92d5852a1bf373cb1ff76d1e6c9a51443766e4b2a4e612381b373921b8b0d4f4c48c843d2c4272eccd6fda36a9e

C:\Users\Admin\AppData\Local\Temp\_MEI18482\Crypto\Cipher\_raw_cfb.pyd

MD5 778a2ded9a84ad9759141c285e915b11
SHA1 2915fb4ca42d79ee32859d67c1299c0e4dfc32e7
SHA256 bb6d327d0e42d953a318a7a97953b0e530a0164a610fcab9a098ef9b407ee8a7
SHA512 4c3f7945f97a57f74765e064050cfb6a1dd6abcffe1e2a8ce19132709c1dc554562efe188be4357202b6e3ea1998dc75cca4804684b47904547044db5574be67

C:\Users\Admin\AppData\Local\Temp\_MEI18482\Crypto\Cipher\_raw_ecb.pyd

MD5 1dfafb0703e7e2a4c69b07dc26e02d6a
SHA1 c81d67803d11661b95c5deb3bf67bf012b0042be
SHA256 3814206c295e84122211f8d123a2467005acb18e48bf3cc8d673fedd26680313
SHA512 816d3b71e3a5f40131073048afbe303fe75ca86a027d5485d06114be05ae2df01242ed9dfafa7c93ca0f8e79a77c20d5257fc7a22bacfff7d9bc60ce7d07bbc4

memory/2260-1190-0x00007FFCF1820000-0x00007FFCF1857000-memory.dmp

memory/2260-1189-0x00007FFCF62B0000-0x00007FFCF62C7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_cffi_backend.cp39-win_amd64.pyd

MD5 e12e6130fc3162b3ae8fa299145b3a09
SHA1 4640cd67e4ec56e87dca948773e52a9a9aa1c61e
SHA256 8cc868e60758f3a84efae6a340bc018f7d23bc58a6c6eac05a297afd24c3e2ca
SHA512 cf58912b22439d0d40dfdb701739bb039496b152bcdc26f86c3272e76f3e8dfbdaafb26dc3bb138b2731416298185a96fdd52e890f3b3389b0ed29dae63f31f3

memory/2260-1185-0x00007FFCEFF20000-0x00007FFCF0038000-memory.dmp

memory/2260-1183-0x00007FFCF5E90000-0x00007FFCF5EB7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\charset_normalizer\md__mypyc.cp39-win_amd64.pyd

MD5 b1b80614c4423894d7401f431a95e450
SHA1 3251a49aa7a2fa1faefe770a20bc5979f65770c1
SHA256 36c9c68dd1c111d5ab718c799b887c2312b014b8b5ed74be391d3c052a0496e7
SHA512 2d9a71c4599a116eba9beff18a51ccf70274c3506c4cf1dc8ba15b3f3e062aa488eb88befa66b4866c851246fe9eef590867a490a9f46463e775efbaf29ce13d

memory/2260-1181-0x00007FFCF65D0000-0x00007FFCF65DF000-memory.dmp

memory/2260-1180-0x00007FFCF5F50000-0x00007FFCF5F5B000-memory.dmp

memory/2260-1179-0x00007FFCF60E0000-0x00007FFCF60ED000-memory.dmp

memory/2260-1178-0x00007FFCF6320000-0x00007FFCF6344000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\charset_normalizer\md.cp39-win_amd64.pyd

MD5 562df98aa3ca9a2da283e1f4131d65b1
SHA1 780de9b1bfde5461cc7fc00e56892c5f19bd2e5a
SHA256 8a95a2a6054eeefcb588909dc0d5ac4361c0de430fe2d877cc1fb47998b7c8fd
SHA512 a3a87538c1d725f697cb843ef88e91765b00a49208f5cb22266a518a19d283965592f6d668817f28d080da52712641bc403f5774738f212f3b45811f52a9e7e0

memory/2260-1173-0x00007FFCF0040000-0x00007FFCF00F6000-memory.dmp

memory/2260-1172-0x00007FFCE6E00000-0x00007FFCE7281000-memory.dmp

memory/2260-1170-0x00007FFCF5EC0000-0x00007FFCF5EED000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_ssl.pyd

MD5 7f41920ce702a15c09178c8decf99c2d
SHA1 884255eced9cd3fa4e5d39b8b55dd6351f08747a
SHA256 ee8aa9c24d6b2a438e838b54ddd0a076af0a2cc9b2b3d753b5c23a2cea44ef79
SHA512 012f2943e90ac30a776da854153efb2864e4545c3bfaa420f3a87c6c8a99cf4935e58ec440aadc151327787c10b6a52ccb2e3cb24785ff9558a9ff79342bfca6

memory/2260-1168-0x00007FFCF60F0000-0x00007FFCF60FD000-memory.dmp

memory/2260-1166-0x00007FFCF6290000-0x00007FFCF62A9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_socket.pyd

MD5 051f88acb837c237e35749e6af86ca3e
SHA1 da8859cfe93b4edfd1e943e5e3fcf6e5a09842d8
SHA256 d71baf133d022931a75c12e7c03c907d05544749fe87bc8cd6d366e69ea82bb2
SHA512 8b81d02be44e6a0e6efff5f8d858ca2b7106e50be735a4509d6bbb3788f2fd618cb5d5292e1989d233a722d3df7f722c64c34e8591f55f19838f38a6c108ae12

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_uuid.pyd

MD5 e34235b66204dde998796ee01e363f26
SHA1 62a126b304bc9267308657d6da40d97bc62f6eb4
SHA256 b1ff326e3a3ab014d280a26c83e35eac99e1cf1c78e0618dee112be85d0284da
SHA512 15b9ad86488a38b394bbf6766933c9c20ce9520913f8669cbb6460320bae2a53ce61d246552f3e0d7173a1cd610bd39bef3420c319bcc8ed64a19335707f264e

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_tkinter.pyd

MD5 38bd6652cb795c8aee282d3f214acccd
SHA1 19a57bb681c9061d2f7fa94a025c46c9d8f2a059
SHA256 b67bad60ab9482fd620880cb57e27bd7921a0971efe8b10b6be42422777d78b0
SHA512 fe551efa0a2e8261f988071a1216aed2603319ce0564b409e1737e2f1de400ded1264aee3af70bd8c1c2bea69a810547eed27751fe91d921bdb0feb363f80868

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_sqlite3.pyd

MD5 f4d782326476c5671b103d1d4bb5685e
SHA1 daabc6503b5bf5d356fd5747ef1e0775b49db168
SHA256 1ef61ab37b776a24b4df8826fafa94e90222a1618928b913edb6c1d99fe748a7
SHA512 43270f2f0824d55c5011aa13c2a8e9e62469af213433c420632a0f93d39de10aa88181a93a4a887d7d7b6428b6a689ff9c4303de7c5a63e466df70657e02e3f6

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_overlapped.pyd

MD5 7d2e1f4262156f4e6d730c0b691eb997
SHA1 591e8d61d4019a1257165f7386892d02a8c90ff6
SHA256 6455c0b0a41c268c961c6533b62fdb1f8ddcc41fa188efb0896707165eccc98f
SHA512 2d417e60460a7f6e48ffbc4b43644e39e3a5e852d2bca58285c69db92f69e208c2151e72f58fd6159a35b0daddd6f0684aab2cde30786f308be39c3a10d62140

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_multiprocessing.pyd

MD5 99df90b5936b18074e98206816235917
SHA1 92197ee23881a6382886a333a38c0a3bed46387e
SHA256 232961321d84b40b42e876ec301e7cee8f8856c43d09c690b506dadef23da694
SHA512 75551246940756d9007c215459658c5df1647adfa108ced7a8bd22ec9ba67fcac3e485d6bc119060ad663cd6861cf18b685b57377d72f84f77190b1cf0b5921b

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_elementtree.pyd

MD5 faede1a619ccccd276dd8a4cd9c93fde
SHA1 de070e39e398dbc2d9863be8b36bc18407a93ae5
SHA256 2c646fa6217fa752681d4ce1e755ece78d0d45db14b28f36c1b757a210bbc578
SHA512 94597667ba222cbd687cd558637184677f7ca1b1770c0a5f3fb79b6bdf050748b83bee0ee178b1cf89a31863cc0d924895de1a3f0f41cbe53865f53854805665

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_decimal.pyd

MD5 7d7ebe8f5b79b7d53071f4f30abe267d
SHA1 bc508e8224594672f068a40090441823d5fc1e69
SHA256 3c54a12387efd18e902991f9ac90f9cf601d18fab4d15dbe673c2ad584d7e88d
SHA512 ec679106b4d3573829db8d0683d4f4fae6e2c19beb48b8261c07f8c01c7aa8326e0a3072fba7b51a981dc5990965e24c5b717a0780c3052367871441b51ac2ed

C:\Users\Admin\AppData\Local\Temp\_MEI18482\_asyncio.pyd

MD5 041854276d276ff818163e0eded62693
SHA1 efdcd59ad453ca628bd638be35f6f1b535e04677
SHA256 585c595c42323d93cf7fb459fbde5be7ea8260e4af6f14cab0ecdce39f2791c5
SHA512 066e07b9da4c944524a8708c2eecfc2b4478cae6215bf01efe64318683cd3db613ad672f100bd263406dde48872595481b4546e64659105b1ddd58fef4f48d9f

C:\Users\Admin\AppData\Local\Temp\_MEI18482\VCRUNTIME140_1.dll

MD5 21ae0d0cfe9ab13f266ad7cd683296be
SHA1 f13878738f2932c56e07aa3c6325e4e19d64ae9f
SHA256 7b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7
SHA512 6b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c

C:\Users\Admin\AppData\Local\Temp\_MEI18482\tk86t.dll

MD5 b07255b25aa473717bc0d8cf76c25320
SHA1 3d94fc5279f2535021bef984efc3fc0ec83bfcc0
SHA256 9b09dd3f43719d9121a2ae48af446cfc7cbad1787f54994ad4973c7232d50dbf
SHA512 56f0481b954c192153b2924316f379b733ff435ef61437cf88f9b9e39c2cc95d1c731843b93d2a20fe9555a8c9b71844c7602ba19da689d897d8edd37a961517

C:\Users\Admin\AppData\Local\Temp\_MEI18482\tcl86t.dll

MD5 a446e391f6688329fcba5b9148e00154
SHA1 472a37e6d3d68ad2f4f9f8228540a9a7f20aa5fc
SHA256 2a29e49eff995ef8283ee59fdc14aad5bbb46ccbee39845c1b3444b79d0a988a
SHA512 ce030d755b18f0f80f53d2590eb933bb08f1af9d34b78a49e02f1108b2384fbb0fc01dad82b8e8ac9a2c01d228cddcca2f6f397cdbcf24a15618cdbc806f1246

C:\Users\Admin\AppData\Local\Temp\_MEI18482\sqlite3.dll

MD5 6fd874480a4a1a68fa87adf9b0dfa072
SHA1 ef90ecc99275378dc5be260fefb8968d0d07e29b
SHA256 cdc0d2c08b34c471110630ba00f8d94b49a795cf328006090d2b30a5cc568e75
SHA512 72112b13c28686f6b64a093456db02f297b32fdad3066136fa466ad8fa71e513c38a4ac7d9c483ec95d08f1aef5434836c7a70b4799ebad3a1ffd065b886caa5

C:\Users\Admin\AppData\Local\Temp\_MEI18482\pyexpat.pyd

MD5 2e29d4997b39dfedb89575f0af28cb90
SHA1 52314d7dc6e7e9949ca836ef957662bae3390517
SHA256 1daa1d5f405abb619a40097b846afec737063d2853d2f04875c7c2841a5a796a
SHA512 a5d037ba0a5c773c0ee98afea75beefcff153c152ae8789379524affae10eabb66e1d69854927ca60ff99627907a25531d45f97675fde46ea7c7e9c951894519

C:\Users\Admin\AppData\Local\Temp\_MEI18482\crypto_clipper.json

MD5 6ed726b51c54bb94aa6356e685fcdf10
SHA1 cee525ac3b00f3a2072d2f9c6e3fbb46c436d342
SHA256 84076bcb73728e674f48912a348df2818ec19c946cdbf4b816b9f4882989b801
SHA512 5fd22e23a54fe1d0516291371f65b3a576f24611810c69733a3419f2a3e5442405e6ec4e7dda6746646d42dd3193539e2e149de67f8be48bae7d46bd267ef07d

memory/2260-1286-0x00007FFCEFF20000-0x00007FFCF0038000-memory.dmp

memory/2260-1294-0x00007FFCE6920000-0x00007FFCE693D000-memory.dmp

memory/2260-1299-0x00007FFCF62B0000-0x00007FFCF62C7000-memory.dmp

memory/2260-1298-0x00007FFCF62D0000-0x00007FFCF62FE000-memory.dmp

memory/2260-1297-0x00007FFCF6300000-0x00007FFCF631B000-memory.dmp

memory/2260-1296-0x00007FFCF65D0000-0x00007FFCF65DF000-memory.dmp

memory/2260-1295-0x00007FFCF6320000-0x00007FFCF6344000-memory.dmp

memory/2260-1293-0x00007FFCEC730000-0x00007FFCEC748000-memory.dmp

memory/2260-1292-0x00007FFCEC750000-0x00007FFCEC76B000-memory.dmp

memory/2260-1291-0x00007FFCEC770000-0x00007FFCEC792000-memory.dmp

memory/2260-1290-0x00007FFCECCF0000-0x00007FFCECD04000-memory.dmp

memory/2260-1289-0x00007FFCECD10000-0x00007FFCECD21000-memory.dmp

memory/2260-1288-0x00007FFCECD30000-0x00007FFCECD46000-memory.dmp

memory/2260-1278-0x00007FFCE6A90000-0x00007FFCE6DFC000-memory.dmp

memory/2260-1283-0x00007FFCF60E0000-0x00007FFCF60ED000-memory.dmp

memory/2260-1272-0x00007FFCE6E00000-0x00007FFCE7281000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 22:33

Reported

2024-12-15 22:36

Platform

win7-20240903-en

Max time kernel

117s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(this row is repeated 2 times in the report)

Processes

C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe

"C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe"

C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe

"C:\Users\Admin\AppData\Local\Temp\rlmarlbot V1.7.1.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29322\pip-24.3.1.dist-info\top_level.txt

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI29322\python39.dll

MD5 1661de9dc158325038ea32685a182107
SHA1 31a5b206059bfbdd333a43e800cb466f5e5a4d1a
SHA256 21396ce6f622f16d6cba3d8ac1f469654fa49d9edd57d407919012fe26b03a0c
SHA512 d8c50191f5adbca5b5d2693b13453765d0130ebcef6f4525865b2f7b93863134592aa3c0c91f92c7d5edb3d8ddf5a190ec76417717250035bcd66aeb11510656

memory/896-1119-0x000007FEF62B0000-0x000007FEF6731000-memory.dmp