MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 192a3eec4116b5275e148275a80237627b63e135ec24d11d948c6e946f1a160e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 16


Intelligence 16 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 192a3eec4116b5275e148275a80237627b63e135ec24d11d948c6e946f1a160e
SHA3-384 hash: c0c902a3d1e639641379501ce089e26b7da2cd53abbd33545ca49384d620db0248a893dafd830cddac648eef53e444a6
SHA1 hash: 90cec3789d9ab30cabfb21e2c13afb819ea90edd
MD5 hash: 6b6fd185dcc3f74910d4e3cb1714d048
humanhash: ceiling-fanta-six-mobile
File name:stealer310.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'054'208 bytes
First seen:2023-05-21 18:49:03 UTC
Last seen:2023-05-21 18:55:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 24576:Dy8Ar6BACimpfLIRUUYGqsAJtOZeR0bOzFlgqzDcx7vhp+nxDbUgk:W866BACfIRUCqsAZ0bOzTgy6zT6tbUg
Threatray 1'570 similar samples on MalwareBazaar
TLSH T160252357F3C56072EC76273084F605C32A367DA09D7163172742E8AE9EB2391D9B236B
TrID 70.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
11.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
5.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
3.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter Neiki
Tags:RedLineStealer

Intelligence

File Origin
# of uploads :
3
# of downloads :
82
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
stealer310.exe
Verdict:
Malicious activity
Analysis date:
2023-05-21 19:09:16 UTC
Tags:
redline rat
Link:
https://app.any.run/tasks/df27684b-3a94-4a9d-9f7b-f432dc8f7071

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Sanesecurity.Malware.28840.BadO.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Agent.EAOQ.26295.2066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Launching a service
Creating a file
Blocking the Windows Defender launch
Disabling the operating system update service
Unauthorized injection to a recently created process
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/86957/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
advpack.dll CAB greyware installer lolbin packed rundll32.exe setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/646a67dac89910719b4c30fb/reports/f139b7a9-0415-4e1a-b91f-2694e2593da5/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/192a3eec4116b5275e148275a80237627b63e135ec24d11d948c6e946f1a160e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3818dbd4-264e-4630-b200-ec328bc02cff
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1238949
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/192a3eec4116b5275e148275a80237627b63e135ec24d11d948c6e946f1a160e/
Threat name:
Win32.Trojan.RedLineStealer
Create hunting rule
Status:
Malicious
First seen:
2023-05-21 18:50:04 UTC
File Type:
PE (Exe)
Extracted files:
118
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=devd53cbc22soxquqj22qarxmj5whyjv5qsnchmurrxji3y2cyha._file
Verdict:
malicious
Similar samples:
0f91f82218d734d2f86b6a1fa0b6c8743e031caf1ce6481e138201309eaf224f
RedLineStealer
127331248be3658c2f1156be9b8df2462ae511a94f73d3251f76ff294424b2cb
RedLineStealer
28d3195daf8b48fa262cc9be185e9dd402f79be472874b4070dd0516744b8a63
RedLineStealer
8003e04f598f75df475bebdafb8b1702c4bdff87067b6554942a795a50c5bb73
RedLineStealer
86de0eece0f433c1dad9c51b60a11e39346f6da14ad576d78bd72600d963f80a
RedLineStealer
8c6d489d8ecdd838af163fa9d7dca54122213cb7344e14496966c69e707f556c
RedLineStealer
aa3a84d69bd27931f0e7aeda5ff5cb4f7780644c2bb59bc1c374470c8109d2da
RedLineStealer
e97c547cced7e272f3695066bf3086013be74e24a21bf7bbb9302982edf255ce
RedLineStealer
f984811ca20f0022a21840ccd29a68b8a39d44569b4ecdb9634405e4f404af57
RedLineStealer
fda782d36cbd967d0c3f037110e2419d4676af0a089648fb8c6f8656e97fdb83
RedLineStealer
+ 1'560 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:diza evasion infostealer persistence trojan
Link:
https://tria.ge/reports/230521-xgdbvaef3v/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Windows security modification
Modifies Windows Defender Real-time Protection settings
RedLine
Malware Config
C2 Extraction:
185.161.248.37:4138
Unpacked files
SH256 hash:
78aba28ee3dc7d5a365cd3843ab9a5457b225fe5d57beef5be154c71f3757a68
MD5 hash:
71663a1b857d126898900b9bc88fe08a
SHA1 hash:
9d8fd90e2180e30178340e85e6801f29b11cd348
Link:
https://www.unpac.me/results/5b9523fb-5601-40db-9818-b0c92edaf8c6/
SH256 hash:
d6f4751ff424881e11ef19ea08f4660c7ae26388367b3bc8f905d8556b03a961
MD5 hash:
f80b6c70dd002580dce8f3ed32d1c525
SHA1 hash:
67048e6429e9af41d3258d4cac80b49ccdb29b9c
Link:
https://www.unpac.me/results/5b9523fb-5601-40db-9818-b0c92edaf8c6/
SH256 hash:
101bd87d4ab13e3926d50603d531e9dfbfe34d77da74f73370529b645136bf33
MD5 hash:
d334b23cfa34cd79588869dcb979a701
SHA1 hash:
b809eae7b11d87ab1b3223c22a98f49835101b80
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/5b9523fb-5601-40db-9818-b0c92edaf8c6/
SH256 hash:
13edb320955f37b076540b1ff9a6ac3d5d47423f2c7544d40797901b8a258f1d
MD5 hash:
1ebfdf2b63bead53c682b84918d7d5c4
SHA1 hash:
19e82c42fe648a93c6b623bcfa24dbeace922c6f
Link:
https://www.unpac.me/results/5b9523fb-5601-40db-9818-b0c92edaf8c6/
SH256 hash:
513c1e876b94f83bea2dcc821f9e38f65b6394e653f98fa31dc8ddbcafb93f5b
MD5 hash:
8e3f4a2c7ea246ac44f70e9af600824a
SHA1 hash:
b2bc4c21e7c20870e10323db4fad49a6d1713486
Link:
https://www.unpac.me/results/5b9523fb-5601-40db-9818-b0c92edaf8c6/
SH256 hash:
192a3eec4116b5275e148275a80237627b63e135ec24d11d948c6e946f1a160e
MD5 hash:
6b6fd185dcc3f74910d4e3cb1714d048
SHA1 hash:
90cec3789d9ab30cabfb21e2c13afb819ea90edd
Link:
https://www.unpac.me/results/5b9523fb-5601-40db-9818-b0c92edaf8c6/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/192a3eec4116/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Redline
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/192a3eec4116b5275e148275a80237627b63e135ec24d11d948c6e946f1a160e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 192a3eec4116b5275e148275a80237627b63e135ec24d11d948c6e946f1a160e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2636943/
  
Delivery method
Distributed via web download

Comments