MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 016c7bf3a1ab43f72a3a498ee4f38a3d45db321cb7eb33c2f48ec885024eaca8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 016c7bf3a1ab43f72a3a498ee4f38a3d45db321cb7eb33c2f48ec885024eaca8
SHA3-384 hash: a314473b7555eb285f594a5b2a34092c2212188ba5aa8f195fca71703c1f93645ccaef3c8c7645a9c1662a9e5535392c
SHA1 hash: 62fb08c5dbb4dfa3ba577b5ddb5ab64adcd722b4
MD5 hash: 09098221663beee11dc7b2c8d9776db0
humanhash: hawaii-lemon-butter-magazine
File name:09098221663beee11dc7b2c8d9776db0.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:707'584 bytes
First seen:2021-10-10 11:49:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d65c67dd6f4a95898a66b39f504dd200 (4 x RedLineStealer, 1 x CryptBot, 1 x RaccoonStealer)
ssdeep 12288:2uSHJrM4pHUBsAFyShp5pyHIOnHy8ZpFeb8Ku4NnRpnVar/3DAgVOIXDh0:2uSHJYyisSyShp5XcDC8KnJnVarLAjI2
Threatray 774 similar samples on MalwareBazaar
TLSH T1B7E4E018F7A0C035F6B216F4897983A9A93E7EA15B2580CF52DD36EE46346E1EC30357
File icon (PE):PE icon
dhash icon 9824e7d0c4e72158 (35 x RedLineStealer, 23 x Smoke Loader, 14 x ArkeiStealer)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
187
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
09098221663beee11dc7b2c8d9776db0.exe
Verdict:
Malicious activity
Analysis date:
2021-10-10 11:54:29 UTC
Tags:
evasion opendir
Link:
https://app.any.run/tasks/3359a020-3579-4249-a52f-631b921399ec

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLineDropperAHK
Create hunting rule
Link:
https://www.capesandbox.com/analysis/196372/
Detection(s):
SecuriteInfo.com.Ransom.Stop.Z5.23851.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Launching a process
Creating a file in the Windows subdirectories
Deleting a recently created file
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed stop
Link:
https://www.filescan.io/uploads/6162d36f3831960005b2b780/reports/eba62688-c852-4527-a46b-ceba0a786277/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/016c7bf3a1ab43f72a3a498ee4f38a3d45db321cb7eb33c2f48ec885024eaca8/
Threat name:
Win32.Trojan.RedLineStealer
Create hunting rule
Status:
Malicious
First seen:
2021-10-09 20:08:17 UTC
AV detection:
28 of 45 (62.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=afwhx45bvnb7okr2jghoj44khvc5wmq4w7vthqxur3eikasovsua._file
Verdict:
malicious
Similar samples:
10ec025e158cd3b34081f2c5ae72eac2beb12acb5833a01c6ac3d426cf0dee55
RedLineStealer
16075a1ae3ca487866a8c061682a953fa87c6ccb28dd32524bdb8cfdc6bf6559
RedLineStealer
372147979edf4928519b7cc09ae05ab8dc5bfc90f699b44befe966e0c4587107
RedLineStealer
578cce001b43605e2afee0c3eae2ec5c7a7a9447b5ab12db9e102b39b3bc4488
RedLineStealer
62b9a227f035544237037d32dda4613226215ae67d18f344f5d1f7533ef726f4
RedLineStealer
6548d5a6f78cbf7d84dbadeca4a707305ba3fdce85f423a8e7199c3ab37dce70
RedLineStealer
8fc76e4b14fc2f43e710a43ad79e168513b97a4dccee37af410405f9836faca8
RedLineStealer
bbc01794724376466ead908e7ffb86897788fa18361327418e8e4c98ed510164
RedLineStealer
+ 764 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/211010-nzllhafge5/
Behaviour
Checks processor information in registry
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/016c7bf3a1ab43f72a3a498ee4f38a3d45db321cb7eb33c2f48ec885024eaca8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 016c7bf3a1ab43f72a3a498ee4f38a3d45db321cb7eb33c2f48ec885024eaca8

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/196372/
  
URLhaus
https://urlhaus.abuse.ch/url/1662341/
  
Delivery method
Distributed via web download

Comments