MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fc6717ef7ff0ae8d2a2add4303127af4693cfa5abb81a5a3a3e06b079051b8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 4



SHA256 hash: 0fc6717ef7ff0ae8d2a2add4303127af4693cfa5abb81a5a3a3e06b079051b8e
SHA3-384 hash: ad5f4513d75e989f802b867c6c37509d9de18c85e6c8bd4eaa692f2cb2eec8ff80d1597d3cb4384aeb607c1416a5254b
SHA1 hash: 75749fbe377a562351a82cd24313e569c9f5c450
MD5 hash: 2cfc6177526dc8426a0258d1ff283e90
humanhash: connecticut-magnesium-vermont-hawaii
File name: 2cfc6177526dc8426a0258d1ff283e90.exe
Signature: RedLineStealer
File size: 586'240 bytes
First seen: 2020-06-28 07:28:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c8c1081c2ddb7701cfa5e0b911188831 (2 x RedLineStealer)
ssdeep: 12288:0YFThhlh8hOYV6XlCji1wG+KNhW8ZdDhLsVXiV4RwGV0U843H:0ChhlhAbmRmG+n8ZdDhgiV4RwGJ8C
Threatray: 40 similar samples on MalwareBazaar
TLSH: B2C412113240E135C8EB5575A486F2A12ABEE4714377C4577A643F3FAEB02B04F37A9A
Reporter: abuse_ch
Tags: exe RedLineStealer


abuse_ch
RedLineStealer payload URL:
http://greenpalace.top/brazi/testoviyjuki.exe

RedLineStealer C2:
http://195.161.114.33/IRemotePanel

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Sending an HTTP GET request to an infection source
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2020-06-28 00:45:00 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: evasion spyware trojan
Behaviour
Checks processor information in registry
Modifies system certificate store
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments