MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19decfd7c08e3a632b3c455644f746b973c56ab4c66cf0acad872bf032539193. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 13



SHA256 hash: 19decfd7c08e3a632b3c455644f746b973c56ab4c66cf0acad872bf032539193
SHA3-384 hash: eb03ce585bd4a6c7f3af9c44cf8bffe62a974f6fbb4d77d0e9c005f1183c4d69eb9a9d028cf7959eaa1e57e89d2146e4
SHA1 hash: ab9ddfc19ad9f4a29acdfffef8c61fe0bac1b15c
MD5 hash: a7a937593d0f8c4b4071a976333ee5c2
humanhash: six-fix-north-montana
File name: a7a937593d0f8c4b4071a976333ee5c2.exe
Signature: RedLineStealer
File size: 775'168 bytes
First seen: 2021-10-23 13:50:35 UTC
Last seen: 2021-10-23 15:11:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4aa82b91dfdd0eea976043de209425e6 (5 x RedLineStealer, 1 x RaccoonStealer)
ssdeep: 12288:0nvTV/+mrJw9n1x2RiwKBG54XDPRkUvp351vgOs30IaxQmTlQeHISZM3T:mJ/juXkSNPrgJEVWmK53T
Threatray: 40 similar samples on MalwareBazaar
TLSH: T18BF40785A973608EF7A2B2780B0D15910A420C77DB139AFF5FBDB95631F26D18A97303
dhash icon: b36494a8cca2cc4d (6 x RedLineStealer, 1 x RaccoonStealer)
Reporter: abuse_ch
Tags: exe RedLineStealer


abuse_ch
RedLineStealer C2:
92.119.113.189:21746

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 92.119.113.189:21746
ThreatFox reference: https://threatfox.abuse.ch/ioc/236787/

Intelligence


File Origin
# of uploads: 2
# of downloads: 656
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 19decfd7c08e3a632b3c455644f746b973c56ab4c66cf0acad872bf032539193.exe
Verdict: Malicious activity
Analysis date: 2021-10-23 16:40:34 UTC
Tags: trojan rat redline

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Connection attempt to an infection source
Sending a TCP request to an infection source
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug anti-vm packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: RedLine stealer
Verdict: Malicious
Result
Threat name: RedLine
Detection: malicious
Classification: troj.evad
Score: 96 / 100
Signature
Antivirus detection for URL or domain
Connects to many ports of the same IP (likely port scanning)
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Threat name: Win32.Trojan.Fragtor
Status: Malicious
First seen: 2021-10-20 13:29:28 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:@kla1z infostealer
Behaviour
RedLine
RedLine Payload
Malware Config
C2 Extraction: 92.119.113.189:21746
Unpacked files
SHA256 hash: dc59229664b52171f020de0c6f2230655fd61c3dd5bc487dbf72c0710f3a7fd6
MD5 hash: 435f97c2d619197082fd943149a324b7
SHA1 hash: 9d946941e85fc4d0ac25ed13980c67072f64a800

SHA256 hash: 38b04bd309668d2d45b0ad9cb135b7a41c414956bbe3d8bafecdaef43c64bf92
MD5 hash: cf894ded5a1793594ff100d1ed8e93e3
SHA1 hash: 3adf0f87c5d728f6349968eb4438dfbb427ad581

SHA256 hash: 19decfd7c08e3a632b3c455644f746b973c56ab4c66cf0acad872bf032539193
MD5 hash: a7a937593d0f8c4b4071a976333ee5c2
SHA1 hash: ab9ddfc19ad9f4a29acdfffef8c61fe0bac1b15c
Please note that we are no longer able to provide a coverage score for Virus Total.
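The IOC section above and the unpacked-file hashes and C2 extraction just listed give the three things a responder would actually sweep for: the SHA256 of the submitted sample, the SHA256s of the two payloads the sandbox unpacked in memory, and the C2 endpoint 92.119.113.189:21746. The script below is an added example, not MalwareBazaar's or the sample's code, that runs those IOCs over constructed firewall log lines and constructed file contents (the log format, host names and file paths are assumptions for the demo). It matches the C2 on IP and port together, reports same-IP-different-port connections separately as a weaker hit (the sandbox signature above says this family touches several ports on one host, but a shared IP can also serve unrelated traffic), and makes the point that only the packed sample will ever match on disk: the unpacked-payload hashes exist only in memory after the loader runs, so a clean disk sweep does not clear a host that already executed the sample.

```python
"""Sweep constructed logs and files for the IOCs published on this page.

Added example, not part of MalwareBazaar or of the sample. Everything under
SAMPLE_LOG and in the __main__ block is constructed for the demo.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Set, Tuple

# SHA256 IOCs copied from the page, lower-cased for comparison.
SHA256_IOCS: Dict[str, str] = {
    "19decfd7c08e3a632b3c455644f746b973c56ab4c66cf0acad872bf032539193":
        "RedLineStealer, submitted (packed) sample",
    "dc59229664b52171f020de0c6f2230655fd61c3dd5bc487dbf72c0710f3a7fd6":
        "RedLineStealer, unpacked payload (memory only)",
    "38b04bd309668d2d45b0ad9cb135b7a41c414956bbe3d8bafecdaef43c64bf92":
        "RedLineStealer, unpacked payload (memory only)",
}

# C2 IOC from the page: the reporter's comment, ThreatFox and the sandbox
# config extraction all agree on this ip:port pair.
C2_IOCS: Set[Tuple[str, int]] = {("92.119.113.189", 21746)}

# Assumed log format: key=value fields with dst=<ip>:<port>.
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 of a byte string, lower-cased to match the IOC table."""
    return hashlib.sha256(data).hexdigest().lower()


def match_logs(lines: Iterable[str],
               c2s: Set[Tuple[str, int]] = C2_IOCS) -> List[Tuple[str, str]]:
    """Return (severity, line) for each line whose destination hits a C2 IOC.

    "c2"      : IP and port both match the published endpoint (strong).
    "c2-host" : IP matches on another port (weaker; confirm before acting).
    """
    c2_hosts = {ip for ip, _ in c2s}
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if (ip, port) in c2s:
            hits.append(("c2", line))
        elif ip in c2_hosts:
            hits.append(("c2-host", line))
    return hits


def match_files(files: Dict[str, bytes],
                iocs: Dict[str, str] = SHA256_IOCS) -> Dict[str, str]:
    """Hash each file's bytes and return {path: IOC label} for matches.

    On disk only the packed sample can match; the two unpacked-payload hashes
    are produced in memory by the loader, so check process memory dumps (or
    sandbox output) for those, not the filesystem.
    """
    hits: Dict[str, str] = {}
    for path, data in files.items():
        digest = sha256_hex(data)
        if digest in iocs:
            hits[path] = iocs[digest]
    return hits


# Constructed firewall lines: one exact C2 hit, one same-IP/other-port, one clean.
SAMPLE_LOG = [
    "2021-10-23T13:52:10Z host=ws-042 proto=tcp src=10.0.5.17:49812 "
    "dst=92.119.113.189:21746 action=allow",
    "2021-10-23T13:52:11Z host=ws-042 proto=tcp src=10.0.5.17:49813 "
    "dst=92.119.113.189:443 action=allow",
    "2021-10-23T13:53:02Z host=ws-017 proto=tcp src=10.0.5.9:50110 "
    "dst=203.0.113.40:443 action=allow",
]

if __name__ == "__main__":
    for severity, line in match_logs(SAMPLE_LOG):
        print(severity, line)
    # Constructed file bytes; they do not hash to any IOC, so no hit.
    print(match_files({"C:/Users/demo/Downloads/setup.exe": b"MZ constructed, not the sample"}))
```

Feed `match_logs` any log source whose records carry a `dst=<ip>:<port>` field (or adjust `DST_RE` for your format); treat a `c2` hit as an infected host and a `c2-host` hit as a lead that needs the surrounding traffic checked, and remember that a negative file sweep only says the packed dropper is not present on disk.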

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments