MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 187fcae469c19f5af40b5f05f07b842963e18ff528b3514caeea54ca31ff8e9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 187fcae469c19f5af40b5f05f07b842963e18ff528b3514caeea54ca31ff8e9f
SHA3-384 hash: 10a2d39a1716a1e9274a5e0f5baa9905691a6d696151d65bb0ad7fca4e6ca7569b82967a9b003422652cc511726c0eac
SHA1 hash: e6b93725fdc98b6b0c0c955c7724463aba51b000
MD5 hash: dfc10207b0e4c888c44252ad1896566a
humanhash: ceiling-march-low-angel
File name:dfc10207b0e4c888c44252ad1896566a.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:328'192 bytes
First seen:2021-11-15 09:17:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 622f52745de31bb340a6b60a08c245aa (8 x RaccoonStealer, 7 x RedLineStealer, 1 x CryptBot)
ssdeep 6144:b5O8cqTKsVoVwOgz/3h21xAlYyh7ITsq7igavwVf:bSu7VofsexA+879
Threatray 5'610 similar samples on MalwareBazaar
TLSH T1B764DFC126A28837E0593E3564258BA1463BB872F870DD4AF774E71E1EB33D18A7570B
File icon (PE):PE icon
dhash icon fcfc94d4d4d4d8c0 (24 x RaccoonStealer, 21 x RedLineStealer, 9 x Smoke Loader)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/205858/
Detection(s):
Win.Packed.Generic-9908949-0
Create hunting rule

Win.Dropper.Fragtor-9909325-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Creating a window
Unauthorized injection to a recently created process
Sending a UDP request
Connection attempt to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/619225cedec3347825a50a6f/reports/0f143925-0f68-40bd-8e90-16016624ba20/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3914428e-7d0b-4f93-94cc-429f39f6bfbb
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/889264
Signature
Contains functionality to inject code into remote processes
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/187fcae469c19f5af40b5f05f07b842963e18ff528b3514caeea54ca31ff8e9f/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-11-15 09:18:07 UTC
AV detection:
25 of 27 (92.59%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
351b7b183ee55d280acfffc23886ef74efd76873d508704336bb782d84176f90
RedLineStealer
64f9f7fccc993e73cf2ad970c822c53e4b6830687af349f8d791037ccd8b3a03
RedLineStealer
858d2384fe0e2ed91c2e2400e4f58435d59989a0e209747004a0e63f898ba483
RedLineStealer
9b6a7db9202742073407252d5db59ded5b938f7c2e2383b00e87857f122be3bc
RedLineStealer
a014acb67295264a4f9ac982db6b65d858f259ca46dd92d836091ef872f78b7e
RedLineStealer
b8c3325bc497649787f113cee57f95a63ba7a06138fac32329f0b89814b848b7
RedLineStealer
b93c3342ed056d702f68cda57ccdd6ea92c34addac671f174e7070477cf4c156
RedLineStealer
ba60a173e1935175aaddd6a07759577fa82f0b47f2ae978e6d27f0185ec6e560
RedLineStealer
f8eaf4927a573dd810d0d51d0af5b72dfe12045dd7e84535ff9b636ec8f6dfb1
RedLineStealer
+ 5'600 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:superstar infostealer
Link:
https://tria.ge/reports/211115-k9nbashgc6/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
RedLine
RedLine Payload
Malware Config
C2 Extraction:
185.215.113.29:36224
Unpacked files
SH256 hash:
95d1284b38956fb6a9e76c630acce1c37e41177cb6363df6759b31c139f25227
MD5 hash:
85f83ca85cab60c704c1b3d52cbd276d
SHA1 hash:
f3c0408a8bbf38acf5a04c287d9e148d12f341a3
Link:
https://www.unpac.me/results/1e27d646-722a-4190-8040-a3ba7fbae2f6/
SH256 hash:
eb58744cfd98d6f6c157ed563904b39c05b4a5393894692cbd1be6298d9d2086
MD5 hash:
93ed16d365e472e03681a21e6b053782
SHA1 hash:
cc4be427791cf175a23154a83c0dbf497b280e43
Link:
https://www.unpac.me/results/1e27d646-722a-4190-8040-a3ba7fbae2f6/
SH256 hash:
530ee932b7e415222c31080326f026a79280df76ab363ca38802a15497f8ce51
MD5 hash:
3c95728f3f0dd3b1511554febac68c1a
SHA1 hash:
c0a34aa26369e0a9ce99c72df75f1141142e430e
Link:
https://www.unpac.me/results/1e27d646-722a-4190-8040-a3ba7fbae2f6/
SH256 hash:
187fcae469c19f5af40b5f05f07b842963e18ff528b3514caeea54ca31ff8e9f
MD5 hash:
dfc10207b0e4c888c44252ad1896566a
SHA1 hash:
e6b93725fdc98b6b0c0c955c7724463aba51b000
Link:
https://www.unpac.me/results/1e27d646-722a-4190-8040-a3ba7fbae2f6/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/187fcae469c1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 187fcae469c19f5af40b5f05f07b842963e18ff528b3514caeea54ca31ff8e9f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1746392/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/205858/

Comments