MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1847e53f0b2d743d51ee222f85372eb4dd452877635ed83f962d76c7293ebd74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	1847e53f0b2d743d51ee222f85372eb4dd452877635ed83f962d76c7293ebd74
SHA3-384 hash:	4cc0bad75d93b43790cfbe7c4bc58f8db9040cc85e06fb88715795f374d42c24e3af36f3692ea627678165475ae8158c
SHA1 hash:	911c5addf965a51b5908a868ac013a4ed8ba5376
MD5 hash:	71b07b8ebd95e547a239d818e7641812
humanhash:	vegan-nevada-butter-steak
File name:	e2823241477a32fc9f36ff27a429f47b4a7ef1b1999a6e80db4d279b5b73231c.zip
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	84'314 bytes
First seen:	2023-11-15 08:41:13 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
Note:	This file is a password protected archive. The password is: infected
ssdeep	1536:/5lurqqIvncJzb/X4saEHD/7fSPRSxlvICxhjhApKnyp9o452tanHAOnDwaMY4:/rurq9vncJzbf4XEHHSpOlvISApKIo4o
TLSH	T1088302C46AAC8AD8C965BE03D7464748AFD0D1C6C5CA777A39727EE81214DE2DF0E843
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	Anonymous
Tags:	Redline RedLineStealer zip

Intelligence

File Origin

# of uploads :

# of downloads :

253

Origin country :

File Archive Information

This file is a password protected archive. The password is: infected

This file archive contains 1 file(s), sorted by their relevance:

File name:	e2823241477a32fc9f36ff27a429f47b4a7ef1b1999a6e80db4d279b5b73231c
File size:	224'768 bytes
SHA256 hash:	e2823241477a32fc9f36ff27a429f47b4a7ef1b1999a6e80db4d279b5b73231c
MD5 hash:	1780b1230d94c0234b70a810628ce1d9
MIME type:	application/x-dosexec
Signature	RedLineStealer

Vendor Threat Intelligence

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/1847e53f0b2d743d51ee222f85372eb4dd452877635ed83f962d76c7293ebd74/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

config-extracted confuser confuserex control lolbin packed packed redline replace

Link:

https://www.filescan.io/uploads/6554845b954faddd28e95215/reports/7457349d-30c0-470c-b1aa-ac3cfe4d709c/overview

Verdict:

Suspicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/1847e53f0b2d743d51ee222f85372eb4dd452877635ed83f962d76c7293ebd74

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/1847e53f0b2d743d51ee222f85372eb4dd452877635ed83f962d76c7293ebd74

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1847e53f0b2d743d51ee222f85372eb4dd452877635ed83f962d76c7293ebd74/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dbd6kpylfv2d2upoeixyknzowtoukkdxmnpnqp4wfv3mokj6xv2a._file

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:taiga infostealer

Link:

https://tria.ge/reports/231115-lvgqmsgh7s/

Behaviour

RedLine

RedLine payload

Malware Config

C2 Extraction:

5.42.92.51:19057

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1847e53f0b2d743d51ee222f85372eb4dd452877635ed83f962d76c7293ebd74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample