MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d5b06c5a7a55b382d9d383884b51fd1bfee2a1166f8778f16f3163207d0d373. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d5b06c5a7a55b382d9d383884b51fd1bfee2a1166f8778f16f3163207d0d373
SHA3-384 hash: e26827a5f5812b1b35c38484c2a0e9306dcdce166e9a7f2c99ed39136da3f46c68f6eacdfd73045c15bfa2375164b839
SHA1 hash: e439b35866d02d80f38fcb636cd71174d6f8ed6e
MD5 hash: 218e564d52558e9437a00601e0289a88
humanhash: white-freddie-aspen-queen
File name:SecuriteInfo.com.Trojan.PWS.Siggen2.61843.30671.18962
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:987'136 bytes
First seen:2021-03-11 14:47:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:plyJpbX37D2ix3GHLrKb2K1pgZdETJQ3Krcrlhiz6021uyso4rCGpZYA0ex:PwLtx3AKh1qZdVKrcBgp2IyVzGprx
Threatray 300 similar samples on MalwareBazaar
TLSH 97256C193B50E950C1AA1A37C8CF852443FD9E5336B2FB2A38D937E90532B694D4F4DA
Reporter SecuriteInfoCom
Tags:RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
201
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.PWS.Siggen2.61843.30671.18962
Verdict:
Suspicious activity
Analysis date:
2021-03-11 15:10:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a1a70389-be3e-4778-ae77-fa18cf3f9b89

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/123821/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.61843.30671.18962.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Connection attempt
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/636959
Signature
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d5b06c5a7a55b382d9d383884b51fd1bfee2a1166f8778f16f3163207d0d373/
Threat name:
ByteCode-MSIL.Infostealer.Dridex
Create hunting rule
Status:
Suspicious
First seen:
2021-02-26 00:30:47 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
07967e861e991eabea5649e7e6de840028a2b217d2a9f354315c9b8f25e34068
RedLineStealer
1df627a462077149e7a934ea1b758c8fccf34933f340fab14ca8976b4a6a5c20
RedLineStealer
1eec60cc3fe95b8f138a1053af0bafb598760075adabd8a99dced1ccf3302df4
RedLineStealer
698d8eb9976de9233bd2592db30d55e72bc8da319628c00ceefbdd18084f8f86
RedLineStealer
70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536
RedLineStealer
8948c6ec9f9e49de7b8546ae27fbaf0d95cb773c27cd10a1d62a45f7608dd651
RedLineStealer
ceb9cf440fc521f09a503e90889acb7f51b4c39ce8a8c4d37dd8304fca2db4ce
RedLineStealer
d1fa4207d7c46c5f84b1c45e7b5d09aa9c99c896b0e25664bee3b13fcaabcfad
RedLineStealer
ec744aeae689c95f44a24eb398e65c3a722595de5504db84b2e41488f30a7510
RedLineStealer
fe0a5fde4fbbddd79d2938af2373c69a8219ea73831be712f1bca86150a30461
RedLineStealer
+ 290 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline infostealer
Link:
https://tria.ge/reports/210311-pp7epsxzsx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
RedLine
RedLine Payload
Unpacked files
SH256 hash:
0d5b06c5a7a55b382d9d383884b51fd1bfee2a1166f8778f16f3163207d0d373
MD5 hash:
218e564d52558e9437a00601e0289a88
SHA1 hash:
e439b35866d02d80f38fcb636cd71174d6f8ed6e
Link:
https://www.unpac.me/results/d1cea7af-c93c-4f90-a8e9-ee867002089c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0d5b06c5a7a55b382d9d383884b51fd1bfee2a1166f8778f16f3163207d0d373

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 0d5b06c5a7a55b382d9d383884b51fd1bfee2a1166f8778f16f3163207d0d373

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1061407/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/123821/

Comments