MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0abb7a8a9e8ae8584f07303c705ae630899b394028e092b72594b3158b4cdc56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 11


Intelligence 11 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0abb7a8a9e8ae8584f07303c705ae630899b394028e092b72594b3158b4cdc56
SHA3-384 hash: 73a12bb5a2c29a7b443eac2a4f38c6a049eba4a760495ce8688fe9b72bbcae8c41423ae2bce5bd6f697f70fddaceae44
SHA1 hash: 5398dcbbc5df960616b62c1ea1dc4946524189c3
MD5 hash: 815b6c913c17dc6a7c1b16f12d611c52
humanhash: uncle-red-massachusetts-harry
File name:815b6c913c17dc6a7c1b16f12d611c52.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:405'504 bytes
First seen:2022-01-20 06:36:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 140966036910a5f510e2a5a7cba50e06 (14 x RedLineStealer)
ssdeep 6144:56SLtz2Y01Wd8ZJByIJkoxFn18a8lJAJfisF6m4mES:nV2Y01U8ZvyujuJAJqsA/mES
Threatray 4'463 similar samples on MalwareBazaar
TLSH T1AF84E0347A90D433C7815970443ECFA04ABEBC712964864777A43BAEAE35291216F37F
File icon (PE):PE icon
dhash icon f8fcb4b4b4f4d9c9 (1 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
45.9.20.111:1355

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
45.9.20.111:1355 https://threatfox.abuse.ch/ioc/303028/

Intelligence

File Origin
# of uploads :
1
# of downloads :
180
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/220869/
Detection(s):
Win.Malware.Generic-9936948-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/4830/overview
Behaviour
MalwareBazaar
CPUID_Instruction
MeasuringTime
SystemUptime
EvasionQueryPerformanceCounter
CheckCmdLine
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/61e90325d32385db630d3b94/reports/7b286d9f-2d2a-4931-b45e-384f67de8a67/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6de0ebce-5634-402f-825f-eef45fcba265
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/924009
Signature
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0abb7a8a9e8ae8584f07303c705ae630899b394028e092b72594b3158b4cdc56/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2022-01-20 07:22:48 UTC
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bk5xvcu6rlufqtyhga6hawxggcezwokafdqjfnzfsszrlc2m3rla._file
Verdict:
malicious
Similar samples:
02a1be5f6bac2f03f8dc06a3b94f346ab67f18b70703b80d91ca47478f6d8c5f
RedLineStealer
0e08cc4751863c2150282dae704864e2b80feb930314ee9b3db331ec8fc4043b
RedLineStealer
849beb1413d9750e1bad8a3758dc87053d47fe5cba1528723414c918625e6d27
RedLineStealer
8a6b85587a7c87d3f2da53fd4570b961a8a3d606ba2f337bbe0ebe6b07c97989
RedLineStealer
a0e3df170ddc6f7fe8298743e0c158175b84c4605650361c51debe34a26a35fa
RedLineStealer
a2cac07f9147dff643d6a810b9370d8fc2551a692d95b378fcc7b3086c44193e
RedLineStealer
a981e21aac19c98e126737f1ffeb2e4040cca00f393d4c3a9b705baf9df00986
RedLineStealer
e3d47cf720441db8fad6021333ef201927e070bda5e781f5c2bb2f95d2d0b137
RedLineStealer
+ 4'453 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/220120-hdgsjagdeq/
Behaviour
Suspicious use of AdjustPrivilegeToken
Checks installed software on the system
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
4482c8da1743ba343cbc1ce31d4286e658040e3da37de2b72e4169fd7249e8bf
MD5 hash:
925e4096edb29345423f418baf42d91b
SHA1 hash:
f9669495412c387eeb33575ae1a3f423d8857414
Link:
https://www.unpac.me/results/dd7ba287-cfe4-4f2a-b3ed-dde63d903b3b/
SH256 hash:
51cd6a24d9cd54284fcbe572515477e2ceb2c370c03b41f00db072ec2b279c3b
MD5 hash:
bbd385cd69cc12b32c4acd442be19d09
SHA1 hash:
a7dacfc795e53f9a668461dc025e6f4e135bc616
Link:
https://www.unpac.me/results/dd7ba287-cfe4-4f2a-b3ed-dde63d903b3b/
SH256 hash:
1439a02fef8a5a5cbc1e01085030e7e7a4a4bbb2c7a050c3f1d85b0aa87f4a66
MD5 hash:
ce925fb115d230044cf2992b463fd1e5
SHA1 hash:
8b62f961dc8089a2ea2d1f50139e7fbb884f12aa
Link:
https://www.unpac.me/results/dd7ba287-cfe4-4f2a-b3ed-dde63d903b3b/
SH256 hash:
0abb7a8a9e8ae8584f07303c705ae630899b394028e092b72594b3158b4cdc56
MD5 hash:
815b6c913c17dc6a7c1b16f12d611c52
SHA1 hash:
5398dcbbc5df960616b62c1ea1dc4946524189c3
Link:
https://www.unpac.me/results/dd7ba287-cfe4-4f2a-b3ed-dde63d903b3b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0abb7a8a9e8ae8584f07303c705ae630899b394028e092b72594b3158b4cdc56

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 0abb7a8a9e8ae8584f07303c705ae630899b394028e092b72594b3158b4cdc56

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1849294/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/220869/

Comments