MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 056b749998772e11397e44d87167c284198b4840cd935e4f2c5ff765cb448c88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RedLineStealer

Vendor detections: 4

SHA256 hash: 056b749998772e11397e44d87167c284198b4840cd935e4f2c5ff765cb448c88
SHA3-384 hash: 53158953c061cd8749d8885d3511341e6aec088594f3ce1b0843c36832eb37b3f9f16fa9cfd4456a68f0af872412ae8b
SHA1 hash: 80a457aa079a97adb52e788037461839fbbefd52
MD5 hash: 39e9db86f0f9f9b8a6ebe8f550b92afa
humanhash: georgia-minnesota-stream-jig
File name: 39e9db86f0f9f9b8a6ebe8f550b92afa.exe
Signature: RedLineStealer
File size: 1'027'584 bytes
First seen: 2020-07-02 17:44:08 UTC
Last seen: 2020-07-02 18:53:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 92997d4ba3ecb9f8ccc0c616f2ad29d6 (1 x RedLineStealer)
ssdeep: 24576:QKYvjWX8DbFlDohklD0P1Zp68VFBEQFYdP31AWgBNeUELM/9X:QKGjWgJRDW1T643EQFQ31AhXELM/9X
TLSH: 5C25120036E0D872ECA30E304975CC55437EFCB919E5699B729C3B1F1A252E29A35B6F
Reporter: abuse_ch
Tags: exe, RedLineStealer


Comment by abuse_ch:
RedLineStealer C2:
http://81.177.6.78/IRemotePanel

Intelligence


File Origin
# of uploads: 2
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-02 17:46:06 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: redline
Score: 10/10
Tags: evasion, spyware, trojan, discovery, infostealer, family:redline
Behaviour:
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Kills process with taskkill
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetThreadContext
- Looks up external IP address via web service
- Modifies system certificate store
- Checks for installed software on the system
- Reads user/profile data of web browsers
- RedLine
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: RedLineStealer
File type: Executable exe
SHA256: 056b749998772e11397e44d87167c284198b4840cd935e4f2c5ff765cb448c88 (this sample)
