MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f583723e61b99cc4f3307c332a98040c2d95f4553738c447d7302ccea1c08dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 10

SHA256 hash: 0f583723e61b99cc4f3307c332a98040c2d95f4553738c447d7302ccea1c08dc
SHA3-384 hash: 1410e7809d0795dbbefa0857fd230b5aba1e2f848c8c826b01d4cd54860eccfa241a759ec79fd8a8f93c909fd051ba1b
SHA1 hash: 123eb6bc33cfb21e7729b2d626ba30e5921384ad
MD5 hash: c85c3285955918a27b8f3c17c0f70673
humanhash: venus-twenty-utah-twelve
File name: Fortnite Aimbot.exe
Signature: RedLineStealer
File size: 878'592 bytes
First seen: 2021-10-31 15:07:31 UTC
Last seen: 2021-10-31 16:28:55 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4702f357dfd397a016277573e927cfb4 (1 x RedLineStealer)
ssdeep: 12288:ab2yXYorwxLPabFf9+sXMnE68WDZkUZPnZmU+CTrjkO868OL+y9zF36x6cBwJ:ab2YrwxraBf9+KMnb8WD1ZbJTnm/BwJ
TLSH: T1501518C6E1B3608ED7A2B0B90F0156924A470C766B129AF56F35E96B11F37E1CAD7303
Reporter: tech_skeech
Tags: exe RedLineStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 245
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: Fortnite Aimbot.exe
Verdict: Malicious activity
Analysis date: 2021-10-31 15:06:04 UTC
Tags: trojan rat redline

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Connection attempt
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a window
Reading critical registry keys
Stealing user critical data
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: RedLine stealer
Verdict: Malicious
Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 96 / 100
Signature
Connects to many ports of the same IP (likely port scanning)
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected RedLine Stealer
Threat name: Win32.Packed.Generic
Status: Suspicious
First seen: 2021-10-31 15:04:52 UTC
AV detection: 14 of 28 (50.00%)
Threat level: 1/5
Verdict: malicious
Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:@durak9876 discovery infostealer spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Malware Config
C2 Extraction: 95.181.152.7:46927
Unpacked files
SHA256 hash: 57208432be00e1c66865c8869fd936a4fd3b91160ae35ea8cd3da722f3b5c98e
MD5 hash: e897f7990d5e14f34f7dcf51d362fff0
SHA1 hash: a535d30ed5681bdeddc77bebfb8ea88cb4799894
SHA256 hash: 94ae902e8132bfc2b3a11f5445c91fcdbe57228a1c3171042cc1962ce441e0c0
MD5 hash: 46e28cb2b63932e2a6dce5fe77647f36
SHA1 hash: 7adae81570469e3935b8b290c05bf55b8cbdcc16
SHA256 hash: 0f583723e61b99cc4f3307c332a98040c2d95f4553738c447d7302ccea1c08dc
MD5 hash: c85c3285955918a27b8f3c17c0f70673
SHA1 hash: 123eb6bc33cfb21e7729b2d626ba30e5921384ad
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download | RedLineStealer | Executable exe 0f583723e61b99cc4f3307c332a98040c2d95f4553738c447d7302ccea1c08dc (this sample)

Delivery method: Distributed via web download
