MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e09d3298aae4a2a440ae32321a8f6db607e9cb072156b17eb8fb12b212c1cf6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e09d3298aae4a2a440ae32321a8f6db607e9cb072156b17eb8fb12b212c1cf6
SHA3-384 hash: 32ffc6671534ed7b47298bee08c328cbd573d24dcf1f587a7e96bd800bb91f5f1da343c9fae26f1f3d5533f6b7c19c21
SHA1 hash: 02de56652fa90ab1304c4b22f394ba9d5e132dfd
MD5 hash: 41ccae281672141f14028e730c70b618
humanhash: river-colorado-cold-bluebird
File name:41ccae281672141f14028e730c70b618.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:355'328 bytes
First seen:2021-02-19 07:54:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 65623ad6588654efc5ff89fc5975e592 (5 x RedLineStealer)
ssdeep 6144:TYI1JWCrhhzlv6flnULzYRY124mrt/S8kCRyYb0Kn4a8:pJ/F116flKzM62445b4Gn4
Threatray 287 similar samples on MalwareBazaar
TLSH 6774AE10FB90C035F5F722F44A7AC3F8A5397AA15B2491CBA2D51AEE16347E1EC3135A
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
http://nnanch.xyz/

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/117926/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/612415
Signature
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
redlinestealer
Create hunting rule
Link:
https://mwdb.cert.pl/sample/0e09d3298aae4a2a440ae32321a8f6db607e9cb072156b17eb8fb12b212c1cf6/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-02-18 19:41:42 UTC
AV detection:
12 of 47 (25.53%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bye5gkmkvzfcurak4mrsdkhw3nqh5hfqoikwwf7lr6yswijmdt3a._file
Verdict:
malicious
Similar samples:
42b653a004ebf20afd1797fa69fe13dc18c07281befd059d21c3f5f994b33723
RedLineStealer
5880defb149df28092091f832476cbabc5f67c8f59e87f3c922204a8ec461791
RedLineStealer
7ba598295df994536137bc987b00344e609035b56a40c93354cde719cd4a2989
RedLineStealer
8a95b66aae855ed6728be5d7c5a43334333e2370291829b9c075d4319976366f
RedLineStealer
935d741a26dd18d1f300d3218823bcc84481017376e48693840853d7607f4e60
RedLineStealer
afed0a47186fef3c335df0a826aa6629133613755da5ca465b444062831124b4
RedLineStealer
b666325729d0aa8e49292441558e945d0075439d6e6a544181fe708864835383
RedLineStealer
d353814302791cd7f3478cf31f979efd244a6dd3ec9b0d1eb77227f584158a54
RedLineStealer
e07e702d1247fd8b230d21bba94b581f65f27e811c59a28896fcea29ddb3d2de
RedLineStealer
fc75e0db35a8db7c56bc4c3e45532fc32293270ea477f891c7b0556f93a74b80
RedLineStealer
+ 277 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline infostealer
Link:
https://tria.ge/reports/210219-nrnvr9fvpa/
Behaviour
Suspicious use of AdjustPrivilegeToken
RedLine
RedLine Payload
Unpacked files
SH256 hash:
f00aa054f271eca0ec39b33e958fcc41f1be8573c3d2b8f6c513220033d74751
MD5 hash:
beb818c10a11bd68c4f67557c58e277a
SHA1 hash:
e4dbf406590cecf0eb85938f7e079ee5d8236850
Link:
https://www.unpac.me/results/b5c71b6d-a58e-4b0f-a1a6-7e7dc7d17ded/
SH256 hash:
3653e7ee9be764ca55ece85b5b7b1fe10bca573668eae69eb97857b6a5c6cb8a
MD5 hash:
ee3af1cfda01cce1b86393d43751813b
SHA1 hash:
6bd4561057695b26bbc1478c7882ca64a223aabb
Link:
https://www.unpac.me/results/b5c71b6d-a58e-4b0f-a1a6-7e7dc7d17ded/
SH256 hash:
a0c4ded5d46fbcb55cce71bd7d44eb1f7e6ce2ce210e1adcb6e3b2357b286342
MD5 hash:
0fa461f4c9b41cfcfba778b75628b0c9
SHA1 hash:
33fffc6043f8c624964cb939f4523e6155d3f557
Link:
https://www.unpac.me/results/b5c71b6d-a58e-4b0f-a1a6-7e7dc7d17ded/
SH256 hash:
0e09d3298aae4a2a440ae32321a8f6db607e9cb072156b17eb8fb12b212c1cf6
MD5 hash:
41ccae281672141f14028e730c70b618
SHA1 hash:
02de56652fa90ab1304c4b22f394ba9d5e132dfd
Link:
https://www.unpac.me/results/b5c71b6d-a58e-4b0f-a1a6-7e7dc7d17ded/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0e09d3298aae4a2a440ae32321a8f6db607e9cb072156b17eb8fb12b212c1cf6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekshen
Description:Detects RedLine infostealer

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 0e09d3298aae4a2a440ae32321a8f6db607e9cb072156b17eb8fb12b212c1cf6

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/117926/
  
URLhaus
https://urlhaus.abuse.ch/url/998432/
  
Delivery method
Distributed via web download

Comments