MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d27e1904d942e4d52fbfbd2b8ab2753bfbad6f2f38de183bd2afe6d397b2807. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d27e1904d942e4d52fbfbd2b8ab2753bfbad6f2f38de183bd2afe6d397b2807
SHA3-384 hash: 2923cc7a867281add4e4c423661ba0bdc305d28f0c6348a205db3d4da8cbbd540fc4e4cc9013c27be4c9ab22b662d267
SHA1 hash: abd5ac36ad15d36a2b568f7c17c683bd1ab6e7b1
MD5 hash: 5ca4089c94b943e49179a9d09fe1001e
humanhash: triple-uniform-eleven-jersey
File name:5ca4089c94b943e49179a9d09fe1001e
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:352'256 bytes
First seen:2021-09-21 10:01:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d0a8c3f24685503ba25bd76f34c13b9e (8 x RedLineStealer, 3 x RaccoonStealer, 2 x DanaBot)
ssdeep 6144:h27eZaGyT0GIOurNqSQSL7QBDviLF+vDux1ZWY8Ljw/gsliOst:EC8T0G5urRPL74m5ai1F8L+i/
Threatray 2'128 similar samples on MalwareBazaar
TLSH T1E174AE20AA90C035E7B701F9597997A8A93D7EB15F2390CB22DD2BEE56347E49C30743
File icon (PE):PE icon
dhash icon 9824e3d0c4e72158 (4 x RedLineStealer, 1 x Stop, 1 x Smoke Loader)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Setup.exe
Verdict:
Malicious activity
Analysis date:
2021-09-21 05:28:25 UTC
Tags:
evasion trojan opendir loader rat redline stealer vidar raccoon
Link:
https://app.any.run/tasks/e5dcdb28-081e-45af-ac57-51ddb17b0730

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/189829/
Detection(s):
Win.Malware.Generic-9895371-0
Create hunting rule

Win.Malware.Generic-9895401-0
Create hunting rule

Win.Malware.Generic-9895402-0
Create hunting rule

Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/98edc04d-7c92-42b8-9ef9-4be7d267ee34
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/854746
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d27e1904d942e4d52fbfbd2b8ab2753bfbad6f2f38de183bd2afe6d397b2807/
Threat name:
Win32.Trojan.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-09-20 22:53:22 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=but6decnsqxe2ux37pjlrkzhko73vvxs6og6da55fl7g2ol3fadq._file
Verdict:
malicious
Similar samples:
1b8e0d6bf6bbc7bd304c72d27f68e40383a3107cdd286cdae3ad77cfb2877438
RedLineStealer
2e492cb7c8adba1e0e44b44c212802c8e891f0300d93060691e39f4f986da044
RedLineStealer
78923e3f6b4268a4df9f76b94af36dbd969aec16f3fb87ec05a9650815c02ce6
RedLineStealer
9ba1db35f1faf6730c60c798a290ad44ca12170b002b4e721428aa2750b4d31c
RedLineStealer
9c4589b45940c81fcc8722fa0f96f4b583995df1324a327eefbc276448ea4725
RedLineStealer
a6876f1c666576ddea4b4c4f7d4ade1c98154e3ea63a711beee37bfa9a5467d1
RedLineStealer
aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e
RedLineStealer
c9371cc485825207fe107e6600c14cfd9049c34f74c8c7332f16a20afea88164
RedLineStealer
faf49f9b1d785e077bd17c37eddec80c57d3ffc843a745e6854c9b7a6812b7e0
RedLineStealer
fb6bc2d81a684ce79e18aac92629f12193f6ebb69652c8d5119daf13f73d3cd5
RedLineStealer
+ 2'118 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:mix21.09 discovery infostealer spyware stealer
Link:
https://tria.ge/reports/210921-l2sfqabgam/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Malware Config
C2 Extraction:
185.215.113.15:6043
Unpacked files
SH256 hash:
d670c31fad6182a5a43d07ac210633553df6aed5c0c3800754bf325da591385f
MD5 hash:
b276e37d7829aef4925f96ec30dda466
SHA1 hash:
e7b22ab78b0059c6592c1f02c91dd0cf0c2d6b01
Link:
https://www.unpac.me/results/889c6864-a493-4c66-b7da-0f5cc4ceba8f/
SH256 hash:
6437585600a3a9ebf3873827b93723838d0ccb14288d05b47061df2a84009688
MD5 hash:
1456d4ca134767a19bfe505955f2e9d6
SHA1 hash:
8154f1b7abf213a8fd100e36cc65a63644a6155d
Link:
https://www.unpac.me/results/889c6864-a493-4c66-b7da-0f5cc4ceba8f/
SH256 hash:
6fe6607dc84e588c6caab79919aa51bbc463ee0870f2d772bb70f7eec98d0fe2
MD5 hash:
40a509f2362e8f5b5c91b209631aaffd
SHA1 hash:
1fad623b80be7a633d33f30a9a92a204af430c0a
Link:
https://www.unpac.me/results/889c6864-a493-4c66-b7da-0f5cc4ceba8f/
SH256 hash:
0d27e1904d942e4d52fbfbd2b8ab2753bfbad6f2f38de183bd2afe6d397b2807
MD5 hash:
5ca4089c94b943e49179a9d09fe1001e
SHA1 hash:
abd5ac36ad15d36a2b568f7c17c683bd1ab6e7b1
Link:
https://www.unpac.me/results/889c6864-a493-4c66-b7da-0f5cc4ceba8f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0d27e1904d942e4d52fbfbd2b8ab2753bfbad6f2f38de183bd2afe6d397b2807

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 0d27e1904d942e4d52fbfbd2b8ab2753bfbad6f2f38de183bd2afe6d397b2807

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1638129/
Cape
Cape
https://www.capesandbox.com/analysis/189829/

Comments


Avatar
zbet commented on 2021-09-21 10:01:23 UTC

url : hxxp://sliderfriday.top/jollion/apines.exe