MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e041d06cf4c8b7ed4e1fd8bd71bc4d06d575365fc261db2013ca046414827e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 13



SHA256 hash: 0e041d06cf4c8b7ed4e1fd8bd71bc4d06d575365fc261db2013ca046414827e1
SHA3-384 hash: 002edf146e4e6cda3423afc267e12582b5c54c600113b856142a747c68681c88fb2924ac2e743ff19cae189ea52a99b4
SHA1 hash: 45c408a0d4dc822c6c5006476c4ce9f44fffa542
MD5 hash: a90be429c9884c38dcdcde354f96e5eb
humanhash: island-nine-lima-berlin
File name: a90be429c9884c38dcdcde354f96e5eb.exe
Signature RedLineStealer
File size: 7'548'005 bytes
First seen: 2022-02-03 02:41:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c05041e01f84e1ccca9c4451f3b6a383 (141 x RedLineStealer, 103 x GuLoader, 64 x DiamondFox)
ssdeep: 196608:JTyiFkfRvi5BeBQDe8gtdQA4W3lGwW2K4LK6Agf7doYHS0LYG:JeDcuP3QA4W3lGwY426AgjdoG3LYG
Threatray: 1'377 similar samples on MalwareBazaar
TLSH: T1B27633D421ABA45BD5AFD978E7F1303B6EA4B50B1F12E5BDFF1A502B31B6182C10214B
dhash icon: b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter: abuse_ch
Tags: exe RedLineStealer


abuse_ch
RedLineStealer C2:
116.203.252.195:22021

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 116.203.252.195:22021 (ThreatFox reference: https://threatfox.abuse.ch/ioc/377489/)

Intelligence


File Origin
# of uploads: 1
# of downloads: 141
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating synchronization primitives
Creating a process from a recently created file
Creating a file
Sending a custom TCP request
Searching for the window
Running batch commands
Launching a process
DNS request
Searching for synchronization primitives
Creating a window
Launching the default Windows debugger (dwwin.exe)
Creating a process with a hidden window
Sending an HTTP GET request
Launching cmd.exe command interpreter
Unauthorized injection to a recently created process
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe overlay packed shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: RedLine SmokeLoader Socelars onlyLogger
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Detected unpacking (changes PE section rights)
Disables Windows Defender (via service or powershell)
Injects a PE file into a foreign process
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
PE file has a writeable .text section
PE file has nameless sections
Performs DNS queries to domains with low reputation
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to evade analysis by executing special instructions which cause a usermode exception
Yara detected Generic Downloader
Yara detected onlyLogger
Yara detected RedLine Stealer
Yara detected SmokeLoader
Yara detected Socelars
Yara detected WebBrowserPassView password recovery tool
Yara Genericmalware
Behaviour
Behavior Graph (graph image not reproduced here): Behavior Graph ID: 565455, Sample: XKPppNZNEj.exe, Start date: 03/02/2022, Architecture: WINDOWS, Score: 100
Threat name: Win32.Trojan.SmallDownloader
Status: Malicious
First seen: 2022-02-02 01:40:26 UTC
AV detection: 28 of 43 (65.12%)
Threat level: 5/5
Result
Malware family: socelars
Score: 10/10
Tags: family:onlylogger family:redline family:socelars botnet:media272262 botnet:v1user1 aspackv2 infostealer loader stealer suricata
Behaviour
Enumerates processes with tasklist
Kills process with taskkill
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Looks up geolocation information via web service
Checks computer location settings
Loads dropped DLL
ASPack v2.12-2.42
Downloads MZ/PE file
Executes dropped EXE
OnlyLogger Payload
OnlyLogger
Process spawned unexpected child process
RedLine
RedLine Payload
Socelars
Socelars Payload
suricata: ET MALWARE GCleaner Downloader Activity M5
Malware Config
C2 Extraction:
http://www.tpyyf.com/
92.255.57.115:11841
116.203.252.195:22021
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: INDICATOR_EXE_Packed_ASPack
Author: ditekSHen
Description: Detects executables packed with ASPack
Rule name: MALWARE_Win_DLInjector03
Author: ditekSHen
Description: Detects unknown loader / injector
Rule name: MALWARE_Win_RedLine
Author: ditekSHen
Description: Detects RedLine infostealer
Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments