MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 17


Intelligence 17 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68
SHA3-384 hash: 20d125321df158fe3047b42e04ea0c466a0fd0c2394e8836b29d36ce5885f3beffedb1d9bd38113fca29ac419813364c
SHA1 hash: 76fbc6dd6393febe80fc382f9de49eb5941dc3bf
MD5 hash: 32c8b3b5e43f7f5899f1f3c275cbdce1
humanhash: blossom-ack-social-kansas
File name:32c8b3b5e43f7f5899f1f3c275cbdce1.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:324'096 bytes
First seen:2023-02-18 08:52:14 UTC
Last seen:2023-02-18 10:30:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 29a62d14d89b432fd6115525abce5c2c (9 x Smoke Loader, 6 x RedLineStealer, 1 x TeamBot)
ssdeep 6144:j74d0qHFE2y1MPE2+XfKZwFMHhJglGgvn+kEhF3DalPcSSOS:34l+1MPKXeYlpn+bDavSF
Threatray 5'949 similar samples on MalwareBazaar
TLSH T10C64F11333D09475F11741358E25D6E5AB6FF8705E76AABF378A452F8E70292CB12312
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 909ccac2cad2eae6 (1 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-02-17 07:47:34 UTC
Tags:
trojan rat redline amadey loader
Link:
https://app.any.run/tasks/44622f85-7669-41d0-a3fb-79f3076b5832

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/368035/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.65548561.17187.22667.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
75%
Tags:
greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/63f091f07879a4d2f8796f91/reports/8d3a9a45-9114-4e45-8364-75b0c1175dea/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/25850716-ae61-497e-a9dc-983191c1dbd7
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1178454
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68/
Threat name:
Win32.Spyware.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-02-17 07:34:53 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
25 of 38 (65.79%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cnkp5j4dx7rnoithxmi42jw53gcqxe5nsnms3g4ojdvqolh57rua._file
Verdict:
malicious
Similar samples:
15c7210b8e1124410b66decd175f9cb0a581db6e73c9ba7989fded4d55e44c29
RedLineStealer
1768ea77450303e9ea6d8804c5b434889339fc72f15edff4ae38e7476fbb5cf3
RedLineStealer
332af0412b27b7bba48f1cfc2382f82a968e604490ba066f072c46e2699221fb
RedLineStealer
48a740dc78da8ef78e04769e38d039adb0a6b83960ba32ad384ad03e50f613f7
RedLineStealer
62789153e6a8d8b66b9e5130cfe6963228e0f5d3131de2375ee86284b234d887
RedLineStealer
7b906e4179129da2cf39f1b987286096d88d37285b40445d4a3a2f5ceb12a1cf
RedLineStealer
7d432ac92112863269188adafcaa027801f472e3d0ee3c3fe0afcf0fab658470
RedLineStealer
b860053a0af9fe48a31462e091dd488187e0a3f5fdb3190147491ae7cdae58d1
RedLineStealer
c73107850c99b228d9b462157a53f1b8578c67bb01f12b1a8c90111d46e79c9c
RedLineStealer
daa43650b10ddb159a8db3f7b694135b6f9f2cda89a6a999fda5e204c0ac0685
RedLineStealer
+ 5'939 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:ruma infostealer
Link:
https://tria.ge/reports/230218-ktbbssbf67/
Behaviour
Suspicious use of AdjustPrivilegeToken
RedLine
RedLine payload
Malware Config
C2 Extraction:
193.233.20.13:4136
Unpacked files
SH256 hash:
0f1bf709716c0cbb0a18f6139f8cc0f3feee59ba106ec5901332aa0993e9d8e4
MD5 hash:
ff04aa3c34a045221b207c55c4e046a1
SHA1 hash:
f3837d2d477432fd60a70c2388ceeae4f3d349b7
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/37d8b3f5-fa45-4e9a-b777-ffd88d97edee/
Parent samples :
bd229d944fbb7266329eda429de3ac07f2a89729ee91d1f9dfda73ea3b6691cc
af93831b036b9986dfec722c03c1b700dfc5241d8275c3bda3c5b1ffcc1f983e
5d64c5c6e245fc0ae8c251818229de82f2392b199e9b3c1bae89988ad845b79e
7fb04bf2e24442dcc49441d71d45fd196ac989256faa0e78718cc388d30f7b4a
ff491d1ee54504c3ecf9700f5c8bb4155a5dd9b6b67e16a91e1e7ed515f7c9dc
42ff764c2e6f0d6177436238331340e11c4235bee8a50decfb435eacf90c1cb1
92fe7eac3dd1136d0618a72d3ffecd00bfd54e14fe27048422aad8d1abdd6d63
978ba49d259ce7f6f5d4dd8cc1f370c8f9f719e214ce757b8e8d48af35c80071
499584feff8a289d454fa6ed73126fe7fb814f43ab169c503546827792db517b
b6f1b62a9fa86c46f44982497c6d72cb09bfc8e962fc9d13d1e38e31fb6a8a5f
5e8dd0413ca112e7716480c079c5b2b34fe73119e8b2bb36bd50ebf192026a3d
9a7ceb9ee65d555df0dfd7ce1e3f4b0bfc85b6fc61e8186b0dab4131b8c4f897
9255b7a154698669aa8d751692d350651653054f0190f4963e8c28edb37afcc5
e0b2cf67e6a58b2c01ab69cf7d930a53d25ad46733adf3a096dbbbc07e41be99
ed7564fa597008ff58751fbb89d985271b9cb0f08fe8cfccf17d3dcb3f02fc88
5dddea590a2fa5de71f11a70e98cec2735f106ebe59d84c79f465c2744b89556
f50d5cdf875c052345d4875f9f8bdebf366cdd934b040478348311d6a727b00b
6d970cd9b229762b5d05ef501d9cedba21ade704a46440db94c89a79ea39d7af
f6de5bd586acab25601fad5c264df3e963ebe1b9fb131f8f2d2ac91cfd004489
e9e99a2fcd7d34c736096070446abd274b2a55e1b303f71586b0da8fe99d85e9
348e52ae011426668da86551a638237f233048ed572f5cce5d083397e5ccf60e
e7e4ea17c36818e1c78ca9ad8b90cba0d3557dc9b82be752c9709265848e6ff1
1e55c8ff6e68cb300f581fd5003dd36f35835d00f9c8938a3a0eb9b7cded4875
d61b4827cb0d7b171b3564504537d37a60586ab8f685ebe7d3b4d63f15e1b53f
c047fda7a03ed532d6f7e5a61837cd02a08632927ee53070503f80ba61237349
705ceb57d7352085b86c2b965a841e4ca67625e1867caf6d3a5967362c0d7f44
e214beb3dee97aee5346afe0da19313e2f822a2cb198546e829f86ffe6183e8a
08164b53aa83981e99aaf5509021b8c8dda3142c5bf9cd5a98e2e4ce69bc9a64
9a777a1e92e31b1137c0d90c749eaa78e34e79a8708da66edacd997b52ca0478
597ecd3175523d6f845ce0c95b627162a6b4aa25628b904f374f73e6cb2eef8c
18f87ea211c82cd42006807474b098becbfe5965bc74a3618ec569bab352b83b
cc93919e6684e3ffe427c43ed1cb6ad19d62db8953cd05872314308b1441a322
39f57917ecd9fd076bd7a9f7061e22ec0d5856bb7a999dce746af996d6eac8c8
35451ae63297d6ce45c14fae434d2dde344967e7280b2331fe2bcba787982670
a49071caacb938f2602eab78925d1cb38ce8fe180d3db37a91a58b49c912f265
6ebcb40edbd94d362667afe369fd2ee921806e5aab63e6e24d2186d4c171541f
6f1b87fa9b8038c2a9be20951850d9228d161864c62ddd613f02ea6b3125e041
ecd5d1edb042c9c0f1a5f1bae86a012b32536a6bada4a131e3620df23edb709b
1f9bd2dcfa73510c5f0a90874e15d817fbca395a2d76a9789df2703e24b0d6a6
949367ae0934ae2a5f1afae2e279972611682d72046d08a38c7372e45dbe82e8
ca2b847a4271289f6ae24949946abac595b9532f78bafadd701bb9e119bdb085
00ee45e1829436be207411080fbccd1d736b62a4ede212c5c7d1e15a1b07f9e1
bd66da5fd5fef2379833773f9473bbdef7ff4de23cee8f69caa49abd556b9fd9
2f5e3f426fd29b9cdb548e752ac502a438c3d5b8c1f2819e28dd8680509bfd42
73e8a8bd99536f3ecf3ff19916c57295e1f55de8a69e6628f0b978edece2b93b
218f9f3b023290c067c955b6372cbe21cae39ea1a1d40e50e6f9c98d80609359
76cf22fae13d3910f82b18e8ff52bf015e3d0859b321289c0e6d704774dcf5d8
9c3579244aa0c04d72385b0149c33faacb6bbb861e4242a58c6388dc49bb1fcd
3f201ce75b624c56d73e6aa11e0d93825455d0ee88d3fdcc8e2f3bafae6cc739
db888c33e99939779647619d4a2926d6592b62b96fae1794d5c4bcca86956f16
2c2c053f74d01764f4a9abd1a9d628863a481471a8b26ecb7125ed23412679b7
a5833d8b3e53a76b0eb15d89d26572fc5f27d74d13a0eac2ed340abcab5e8edf
39ee2b5eeb33f1d4a22341f239868e5d912e620ea5c0eaf9a724142162dd26eb
d10dcfa28525956355b04e4c6d9f3717ef5600571127bd176f061c3d5f938bb0
9a0d523224ed382417674d3fd72ae39d3d6b81c6614476f75005569236886b36
c64eba5a3cfab5b2ccd4adbe972f914b7559d4849453e64902cf89bf560acea4
688a29652cac1608b34b9e7767b5417b4b7599c8779464437ea9b0d4bb53f5a6
14189c6cb21e6321c2c2764e53a98db537326d15cbc6513918146fcf256399a2
c2b05e9bf23cfa7dfaabb7e0d42c29c1f27db73568672054004d13eaad96ef92
b171f2ead3f8742a1270463e0187d726a5094902269e4a41ed73b4e0f4dbd1ab
e9d1df7bf986c1e6ea28266c075b19598edcd6c3d20e0d57968f27263d2edb3a
971b14529405a8774ceb5552f3f12fcf455f530e567b71ae043ef166f4ff9d4f
7b12c149e0d943fbc0257a3dfc1886c41dde6501c51512bace9deef83fdd309c
71bf21faa374d57537ff7444a906edceb19ded4dd18749979db7b07672b7b9b0
8611a9dca789986cf828bf4447048ba6d1abf0ac1c66c04d2f1bdb69614e7ac3
f0fb5e4f2519743894d24989e741f3d720831465de18c8620e638a9c82fe1130
de682dfe6a228067968add72288ef45c3f9a853b72358ba5fd2da035a9c8551f
1fe28479e42351ecb3ae531321e56803d7aba556c51e79a9c99ae8cd002706d7
387ce7da8729de35647c1d3c5bb61dd8981cef3d26b898cdf6c24a527cc63574
5465f68cae00f40317098dec592d37a647607b23dfc78c0807bd68de85961ab1
64425f2f481ec70d16dd8affb1b3e9cc9b66e04c6fbf7c7757d49902f6ad3685
6920003241592d0be081802a3f478db23ae2844e8db5e2ffcc3bb9858fb4f4aa
766fc8ce449dd7f4587c09d5bffeb010c4ffe1744519b7780d4c782456634630
ba9b4c4a197f6925b1849b767dd9d3828fcb8d8efa091da94bb542e44af9ce6b
98aefdb22469ffc15030589ae600294f9749a0a8a09765f9332595f3558e971e
6c77ed549c36842a09322b79d4406731af302b40b0761ab9ea3bf6d1be2fc898
a277db122d9d03cc538031647692325d245c956c1c7959f51d0fc65e662179e2
3f12b77a2f5d3b5399a957b765c4ec42143efe19ef470ae87337df56e90bfd84
d2fa5e35438b765bead7979043dd150d99cddca4164471d8ee9ed75f78bd8046
615dddcea36f651243edb8656ae72ea07e84ffc83b0524c6341200573fcf3346
8f318d927ec360b7c0253704bdc6f688273a4bbdae88b14366e4210c94e36203
6105895a641a7c7a75c8ae9dcf84348e7994a11d4fe2fcc0fd3a129785b520e1
52e1065ebf95aff0ec2ad29b7436ebf61a8fa6749b2f8811089a13c72bef8651
946d8fabd054c9bea875b493fb2d5b00cff63202510b651fd5947d3a8c5d188f
0c03276ca27012cd6a8889664e261b98da41b0f80f587db4b3d97ad6a76690cc
11cb0836d621aff8e70f35f86126252741a2041a78a5d493a64eb65dd6c2b2c5
28d65c13ce93425c2ce7ddcd960ed85611ebf717aed8fd108fa090b689f86f13
4cccb853d1425b58a2ed53336e9cb00742581d172701feb527eb4fc716112238
e9c489e19f7466eb5509102f0eabe682e0cdc835bdeb22fd2eaacb8742705767
a8fb13aef5dafccbee2d454155197e472fa8b7f31a2a9fde7038e65785d603ea
f694dfbcdf1d702da1ac259657feee06e660643ac3b2618afb6623eb7a548303
d6e7b34117bc3ba8856ab3e0ec1c078093a98b748037d1268f522d30a088ecdb
b1815b0e3973dd924ea6588a7198d1b203ff65969027c91a52e3f2d2659d4652
ca60ca16b334f7b73b73e626409e55ca9736b85f9abf07dd4df72b1b1cb57345
d84774f8a9f2f7b6915aff68963dbd4f748a045eda5a61ebbed88c15134344b2
301891941f3791dcf7239324e82bba9b891ab4fcc53c27f0944a775db3a66e61
f55d3af362ec88c0ef726d03164b93a0d56d11642f1ca6b4b3f2ce4485ccf5f2
6e74bf28e590cdf7f48544ae52bed6b79d490d454776ac45fe30d6b3a3594dde
1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68
SH256 hash:
e225e0d603ee79a2d811905d6d4b497ad02f10df233eda04d1768df7be357e62
MD5 hash:
99b38a3a083e640d381d222943cb75a0
SHA1 hash:
b98a5d14d7ba5be3fbd6d8ffbcaf2be53512160b
Link:
https://www.unpac.me/results/37d8b3f5-fa45-4e9a-b777-ffd88d97edee/
SH256 hash:
8ce1411b40e4f63bf734868d8983b57128d135c45e4a83f7334f87f2b27644b5
MD5 hash:
6a98f389b7888b367b67221fc592cb5a
SHA1 hash:
6a9d31275097a2b078385c94271912b47f73a4d9
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/37d8b3f5-fa45-4e9a-b777-ffd88d97edee/
Parent samples :
bd229d944fbb7266329eda429de3ac07f2a89729ee91d1f9dfda73ea3b6691cc
5d64c5c6e245fc0ae8c251818229de82f2392b199e9b3c1bae89988ad845b79e
92fe7eac3dd1136d0618a72d3ffecd00bfd54e14fe27048422aad8d1abdd6d63
b6f1b62a9fa86c46f44982497c6d72cb09bfc8e962fc9d13d1e38e31fb6a8a5f
9a7ceb9ee65d555df0dfd7ce1e3f4b0bfc85b6fc61e8186b0dab4131b8c4f897
e0b2cf67e6a58b2c01ab69cf7d930a53d25ad46733adf3a096dbbbc07e41be99
5dddea590a2fa5de71f11a70e98cec2735f106ebe59d84c79f465c2744b89556
f50d5cdf875c052345d4875f9f8bdebf366cdd934b040478348311d6a727b00b
6d970cd9b229762b5d05ef501d9cedba21ade704a46440db94c89a79ea39d7af
f6de5bd586acab25601fad5c264df3e963ebe1b9fb131f8f2d2ac91cfd004489
348e52ae011426668da86551a638237f233048ed572f5cce5d083397e5ccf60e
1e55c8ff6e68cb300f581fd5003dd36f35835d00f9c8938a3a0eb9b7cded4875
705ceb57d7352085b86c2b965a841e4ca67625e1867caf6d3a5967362c0d7f44
e214beb3dee97aee5346afe0da19313e2f822a2cb198546e829f86ffe6183e8a
9a777a1e92e31b1137c0d90c749eaa78e34e79a8708da66edacd997b52ca0478
597ecd3175523d6f845ce0c95b627162a6b4aa25628b904f374f73e6cb2eef8c
cc93919e6684e3ffe427c43ed1cb6ad19d62db8953cd05872314308b1441a322
39f57917ecd9fd076bd7a9f7061e22ec0d5856bb7a999dce746af996d6eac8c8
6ebcb40edbd94d362667afe369fd2ee921806e5aab63e6e24d2186d4c171541f
6f1b87fa9b8038c2a9be20951850d9228d161864c62ddd613f02ea6b3125e041
1f9bd2dcfa73510c5f0a90874e15d817fbca395a2d76a9789df2703e24b0d6a6
ca2b847a4271289f6ae24949946abac595b9532f78bafadd701bb9e119bdb085
00ee45e1829436be207411080fbccd1d736b62a4ede212c5c7d1e15a1b07f9e1
bd66da5fd5fef2379833773f9473bbdef7ff4de23cee8f69caa49abd556b9fd9
2f5e3f426fd29b9cdb548e752ac502a438c3d5b8c1f2819e28dd8680509bfd42
218f9f3b023290c067c955b6372cbe21cae39ea1a1d40e50e6f9c98d80609359
db888c33e99939779647619d4a2926d6592b62b96fae1794d5c4bcca86956f16
a5833d8b3e53a76b0eb15d89d26572fc5f27d74d13a0eac2ed340abcab5e8edf
39ee2b5eeb33f1d4a22341f239868e5d912e620ea5c0eaf9a724142162dd26eb
d10dcfa28525956355b04e4c6d9f3717ef5600571127bd176f061c3d5f938bb0
688a29652cac1608b34b9e7767b5417b4b7599c8779464437ea9b0d4bb53f5a6
c2b05e9bf23cfa7dfaabb7e0d42c29c1f27db73568672054004d13eaad96ef92
b171f2ead3f8742a1270463e0187d726a5094902269e4a41ed73b4e0f4dbd1ab
7b12c149e0d943fbc0257a3dfc1886c41dde6501c51512bace9deef83fdd309c
71bf21faa374d57537ff7444a906edceb19ded4dd18749979db7b07672b7b9b0
8611a9dca789986cf828bf4447048ba6d1abf0ac1c66c04d2f1bdb69614e7ac3
f0fb5e4f2519743894d24989e741f3d720831465de18c8620e638a9c82fe1130
64425f2f481ec70d16dd8affb1b3e9cc9b66e04c6fbf7c7757d49902f6ad3685
6920003241592d0be081802a3f478db23ae2844e8db5e2ffcc3bb9858fb4f4aa
98aefdb22469ffc15030589ae600294f9749a0a8a09765f9332595f3558e971e
3f12b77a2f5d3b5399a957b765c4ec42143efe19ef470ae87337df56e90bfd84
d2fa5e35438b765bead7979043dd150d99cddca4164471d8ee9ed75f78bd8046
8f318d927ec360b7c0253704bdc6f688273a4bbdae88b14366e4210c94e36203
52e1065ebf95aff0ec2ad29b7436ebf61a8fa6749b2f8811089a13c72bef8651
946d8fabd054c9bea875b493fb2d5b00cff63202510b651fd5947d3a8c5d188f
d6e7b34117bc3ba8856ab3e0ec1c078093a98b748037d1268f522d30a088ecdb
b1815b0e3973dd924ea6588a7198d1b203ff65969027c91a52e3f2d2659d4652
ca60ca16b334f7b73b73e626409e55ca9736b85f9abf07dd4df72b1b1cb57345
301891941f3791dcf7239324e82bba9b891ab4fcc53c27f0944a775db3a66e61
1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68
SH256 hash:
1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68
MD5 hash:
32c8b3b5e43f7f5899f1f3c275cbdce1
SHA1 hash:
76fbc6dd6393febe80fc382f9de49eb5941dc3bf
Link:
https://www.unpac.me/results/37d8b3f5-fa45-4e9a-b777-ffd88d97edee/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1354fea783bf/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer
Rule name:Windows_Trojan_Smokeloader_3687686f
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 1354fea783bfe2d72267bb11cd26ddd9850b93ad93592d9b8e48eb072cfdfc68

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2532610/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/368035/

Comments