MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14c7201d0b2c0e092c9155ed9f267890db794398cf0bd70e1d9cfe0c98784a67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14c7201d0b2c0e092c9155ed9f267890db794398cf0bd70e1d9cfe0c98784a67
SHA3-384 hash: 4a1439a3550ab5ef6c41ba6978e3216e88c229b04d81f54077d6a289e72d05947effa20bb0c66c3028a5233960c04a23
SHA1 hash: cf27fe5b40189430112f57dabe4bfa01f1b0e6f5
MD5 hash: 412b324766f7a863104c7e12c17211f1
humanhash: solar-glucose-indigo-sad
File name:file
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:737'280 bytes
First seen:2022-10-10 20:59:00 UTC
Last seen:2022-10-12 05:18:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 65630e32ca19e44a53e696246bd1cada (4 x RedLineStealer, 2 x ArkeiStealer)
ssdeep 12288:vSypcKrMXnVVLsx7i0iomPVGYmp7aGEiN8e1HDIXIrlGSTEnhuXBwz4tM5Aq:aypcKOnVVLsx3EijHDqIrl+nRm6T
Threatray 328 similar samples on MalwareBazaar
TLSH T10DF48D1134B080F6DAB339328E69F2B44A7DA4311B1256EB53C8197A5F3C6E26E3553F
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter andretavare5
Tags:exe RedLineStealer


Avatar
andretavare5
Sample downloaded from https://vk.com/doc638734270_651389434?hash=uYiDk3bZxZL8VYGvsfJYRPCV9lFgIbCo3pH8ByYUS1g&dl=GYZTQNZTGQZDOMA:1665427309:mZnv4RClde88LGCeixwFafHXM0TMJ9n1YQkuhnf09oo&api=1&no_preview=1#gr1402

Intelligence

File Origin
# of uploads :
24
# of downloads :
261
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/318649/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the system32 subdirectories
Creating a file
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/42356/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/634487971565eeb6424f4500/reports/c66b076f-c5f9-4b98-ab7f-ae9788086d09/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d89ff3e7-adb8-47d0-880f-adf1a399dcc6
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1087251
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14c7201d0b2c0e092c9155ed9f267890db794398cf0bd70e1d9cfe0c98784a67/
Threat name:
Win32.Trojan.RedLinestealer
Create hunting rule
Status:
Malicious
First seen:
2022-10-10 21:00:09 UTC
File Type:
PE (Exe)
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ctdsahilfqhaslerkxwz6jtysdnxsq4yz4f5odq5tt7azgdyjjtq._file
Verdict:
malicious
Similar samples:
078d24e274e0e065c361f4f91f43c753ea6d419b05f86e2b8de601a1d5eb05f6
RedLineStealer
2c75413b7a7620afab28ee4e9c765bf38a984249c9cb7926ba80335df72e5ea8
RedLineStealer
4bcf45bde8ef34c0afeea288098cf34da11c2748eead6cf4752db1a4a2e79c39
RedLineStealer
71976a8939fca900ea30249c75dc1f462bebf2d9bac2e9900679c59bf2ad00c8
RedLineStealer
c62cf1352a697a30572caaed469cf5c6add3570cada2e4086e4effb14cb848c1
RedLineStealer
ca4320ef76c7959f304cc85826f97c540be44919197b54d81f944e843bfb4f67
RedLineStealer
+ 318 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221010-zsp6wsddck/
Unpacked files
SH256 hash:
14c7201d0b2c0e092c9155ed9f267890db794398cf0bd70e1d9cfe0c98784a67
MD5 hash:
412b324766f7a863104c7e12c17211f1
SHA1 hash:
cf27fe5b40189430112f57dabe4bfa01f1b0e6f5
Link:
https://www.unpac.me/results/f30e7899-dc6d-4066-b60b-92d7e2cdee68/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/14c7201d0b2c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/14c7201d0b2c0e092c9155ed9f267890db794398cf0bd70e1d9cfe0c98784a67

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/318649/

Comments