MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14ec56bd0fcc57afecaa43f81321aeae0ab3a21ea79e5ad4bc0b73ebd08b959b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14ec56bd0fcc57afecaa43f81321aeae0ab3a21ea79e5ad4bc0b73ebd08b959b
SHA3-384 hash: 6a969e0bfc0cef4ff6a7695d812d9eaff68ae0c4ab6e793605e4402689da18710006ac642b2e6d75f2f65989693921fd
SHA1 hash: 6f4bc4855ffa7abb943968f79e218b7647599a50
MD5 hash: 3b443b3d248b18808f5cbaff8a4fb80f
humanhash: cola-south-potato-lion
File name:3b443b3d248b18808f5cbaff8a4fb80f
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:347'648 bytes
First seen:2021-11-05 23:35:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e4746628ebaf71569a51552a1011d76 (6 x RedLineStealer, 3 x RaccoonStealer, 1 x Smoke Loader)
ssdeep 6144:TMkpFgVVlkFSxm4StKwAR71nsfiPBM9mczMdCWU:TMkpvltHAR71nsfixL
TLSH T147749D00ABA1C039F5B252F879B693B8B53A7DA19B3450CF13D52AEE56346E0ED71703
File icon (PE):PE icon
dhash icon badacabecee6baa6 (95 x Stop, 87 x RedLineStealer, 62 x Smoke Loader)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/202845/
Detection(s):
Win.Trojan.Generic-9906244-0
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/6185bfe52084b424af0b0d89/reports/2b1fe82a-fcde-479a-ae8c-8d20e70e1ba3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/de346ff2-0d23-4d05-9c79-f8b74c192e9f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14ec56bd0fcc57afecaa43f81321aeae0ab3a21ea79e5ad4bc0b73ebd08b959b/
Threat name:
Win32.Trojan.DllCheck
Create hunting rule
Status:
Malicious
First seen:
2021-11-05 23:36:05 UTC
AV detection:
17 of 44 (38.64%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ctwfnpipzrl273fkip4bginovyflhiq6u6pfvvf4bnz6xuelswnq._file
Result
Malware family:
smokeloader
Create hunting rule
Score:
  10/10
Tags:
family:smokeloader backdoor trojan
Link:
https://tria.ge/reports/211105-3lkjlsacbp/
Behaviour
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Deletes itself
Drops startup file
Downloads MZ/PE file
Executes dropped EXE
SmokeLoader
Malware Config
C2 Extraction:
http://misha.at/upload/
http://roohaniinfra.com/upload/
http://0axqpcc.cn/upload/
http://mayak-lombard.ru/upload/
http://mebel-lass.ru/upload/
http://dishakhan.com/upload/
Unpacked files
SH256 hash:
2d42354cb59833a247375928187032beead3c641520e36824fce6f48b126d8a6
MD5 hash:
38fa5abed729083474ad8e1084b03b6d
SHA1 hash:
707a3feb91f1242f57bdd9fb6b3852462b64a985
Link:
https://www.unpac.me/results/26ad0468-0383-4ea0-9099-419c9f95166b/
SH256 hash:
14ec56bd0fcc57afecaa43f81321aeae0ab3a21ea79e5ad4bc0b73ebd08b959b
MD5 hash:
3b443b3d248b18808f5cbaff8a4fb80f
SHA1 hash:
6f4bc4855ffa7abb943968f79e218b7647599a50
Link:
https://www.unpac.me/results/26ad0468-0383-4ea0-9099-419c9f95166b/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/14ec56bd0fcc/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/14ec56bd0fcc57afecaa43f81321aeae0ab3a21ea79e5ad4bc0b73ebd08b959b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 14ec56bd0fcc57afecaa43f81321aeae0ab3a21ea79e5ad4bc0b73ebd08b959b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1744444/
  
URLhaus
https://urlhaus.abuse.ch/url/1755713/
Cape
Cape
https://www.capesandbox.com/analysis/202845/

Comments