MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 110f27da9c8dc85e0c193a5d4bdade5019e4a1f9ffea49e9b3dc8eb069e2dbcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	110f27da9c8dc85e0c193a5d4bdade5019e4a1f9ffea49e9b3dc8eb069e2dbcc
SHA3-384 hash:	74ee620dcfdd34e76c4389e5b24d3d6818bc896dd9de6f4a695ede51bf099897aa4a7df813f8a2528a5a5afce2cb8ede
SHA1 hash:	133c6fad900d31560e7c9cef4c3e165d5a0eef0d
MD5 hash:	f0e78138a46c15ff670e082550ff90d5
humanhash:	indigo-july-bacon-sodium
File name:	f0e78138a46c15ff670e082550ff90d5.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	591'360 bytes
First seen:	2020-06-28 07:20:49 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c8c1081c2ddb7701cfa5e0b911188831 (2 x RedLineStealer)
ssdeep	12288:8YFTaJo2jA+ixNsi+eEZEzehM5pKADlU+hirGq/8q+Rg9Qd8F:8CaJDM3xNueeJa5pKqS+h2GqH+r8F
Threatray	41 similar samples on MalwareBazaar
TLSH	A5C412213694803AC7A729B284B586B19A3B7D335A34458737A4E73FEDB12F05F38716
Reporter	abuse_ch
Tags:	exe RedLineStealer

abuse_ch

RedLineStealer payload URL:
http://greenpalace.top/brazi/testoviyjuki.exe

RedLineStealer C2:
http://195.161.114.33/IRemotePanel

Intelligence

File Origin

# of uploads :

1

# of downloads :

91

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/15148/

Detection(s):

SecuriteInfo.com.Malware.PDB-11.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a window

Sending a custom TCP request

Creating a file in the %AppData% subdirectories

Sending an HTTP GET request to an infection source

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/110f27da9c8dc85e0c193a5d4bdade5019e4a1f9ffea49e9b3dc8eb069e2dbcc/

Threat name:

Win32.Trojan.CryptInject

Status:

Malicious

First seen:

2020-06-28 00:37:20 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=cehspwu4rxef4dazhjouxww6kam6jipz77vet2nt3shla2pc3pga._file

Verdict:

suspicious

Similar samples:

01c399028ad16abaccdf9d4a200bc6146e06e20636c7111622d78d9393a2c7e1

0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d

1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511

358178b74d9ff1457dab5015e5d10aa18a3b95d50a5a821568886672dfde97f3

44ccaaf3cc76edd1e184d8c65b13db79638fcbf8ed37b5883c34a1a8a7700901

619ed29c59b4f6a8ad37d7ae185713c12899726ed88fcc03524430669f4a3c6c

8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2

92b8718fd64c7d13e9ea54a69ac7c1a52b57680d34c74d38c2b8ac1eb53f217c

ba244c534e6a0eedb496e840881c5401c3640fc317b601da17ca84570e1e181a

cb0d1f942e077021cc2fe8cfb688abd294398e407e9f5f851f35fddeb5e30bf9

+ 31 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

evasion spyware trojan

Link:

https://tria.ge/reports/200628-qqpskab9wx/

Behaviour

Checks processor information in registry

Modifies system certificate store

Legitimate hosting services abused for malware hosting/C2

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

URLhaus

https://urlhaus.abuse.ch/url/401438/

Cape

Cape

https://www.capesandbox.com/analysis/15148/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample