MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d64d3eb1c28bda9e53ed296e9a84092b655deb5fb27aac6ee6d99c65ee6f118. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d64d3eb1c28bda9e53ed296e9a84092b655deb5fb27aac6ee6d99c65ee6f118
SHA3-384 hash: 268b6eadc7d046ecc60d1a23e53fafb1ee49b41e3ae1d9cf02bce2675dd4b0fce375a3cb4c539e982cef36f3270b91ff
SHA1 hash: bf7868038d82b2f832ca4c400dd4cb6b501614e2
MD5 hash: 3b6605e0b78a30f733dd78af9708b13c
humanhash: idaho-aspen-east-mississippi
File name:discord_gen.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:551'560 bytes
First seen:2021-06-24 21:26:20 UTC
Last seen:2021-06-24 21:36:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 12288:lNpszYhvXWSVJdMae9X7wRJ8pGt68+MbJWCcHouV1:bhvJVJdMV7wktntog
Threatray 166 similar samples on MalwareBazaar
TLSH E5C4E042FBD1A4B2E22118322565B7606ABDF9201F148AEFE3D85A1DFD701D0A731ED7
Reporter Anonymous
Tags:exe gaming RedLineStealer


Avatar
Anonymous
We run a multi-gaming organisation/multi-game guild with a large amount of members, and receive targetted spearphishing and non-targetted malware typically RATs or keyloggers, attempting to compromise accounts and steal items.

Intelligence

File Origin
# of uploads :
2
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
discord_gen.exe
Verdict:
Malicious activity
Analysis date:
2021-06-24 21:13:53 UTC
Tags:
trojan rat redline
Link:
https://app.any.run/tasks/4521a703-345a-41a6-802f-3eb05c67ee5c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/168145/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37143403.12875.29594.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.GenericKD.37098799.28291.25939.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1cc6c1f4-74d2-4877-b215-780872de7c1c
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/807785
Signature
Antivirus detection for dropped file
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d64d3eb1c28bda9e53ed296e9a84092b655deb5fb27aac6ee6d99c65ee6f118/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-06-24 21:27:16 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dvsnh2y4fc62tzj62klotkcask3flxvv7mt2vrxonwm4mxxg6ema._file
Verdict:
malicious
Similar samples:
53ab564f89d18f4cd23210668dcb0d704d32083eff9d9f0dd090fd3bb49902f3
RedLineStealer
5677b9d1528c45370a17cd4b68fc443862d4304ef1bca005c369c8c1d9158a62
RedLineStealer
6d0083394a549c135820010343353dcfa2929aeaa83f72a50ec60a7263f4ec90
RedLineStealer
74b13418d9f50f94920aa870823732618509599ed36a57e440c32c1e9cd928f2
RedLineStealer
d8a3df5d5ed44873fc091b44a64f98c6c54dae8356d747cddee51b88df9f1d2e
RedLineStealer
da19103e927e19daedc51212deb60ceca403e3e9876c52a9dec41d7e6215929b
RedLineStealer
e55e95de03dff2a35cb8304d855c944a5309c56ff8d369af0a542e600faa6808
RedLineStealer
ea50cc254fa1cc865d19d13bbdf206dc69092d6f723cb56a3843d74ba83e64a0
RedLineStealer
f22de8d1f21ff5f203ca79aa38bc5128d87647b58d098191e7e8d11a9b888514
RedLineStealer
ffecd6261932159067dd93f5c1df26f8da517f37ded13d122db853c1c84e7924
RedLineStealer
+ 156 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:@soulscreen discovery infostealer spyware stealer
Link:
https://tria.ge/reports/210624-q4gt17fgea/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
RedLine
RedLine Payload
Malware Config
C2 Extraction:
185.92.148.234:28092
Unpacked files
SH256 hash:
cb1518a88429caf25c7a0ce507def54351a20f8456831543e137a61d190f3593
MD5 hash:
0fa213c0c322f55c0f9877a4fa6f7fe9
SHA1 hash:
c9d542235ee062398c93185b7037e4c4a48315a3
Link:
https://www.unpac.me/results/e375113b-69c2-4fb7-9f9d-55fef344ad73/
SH256 hash:
cca67c6621d7898f6af4c6feb399bcef7e2f14ef0278b485e999a3813e446834
MD5 hash:
1455cb5a3530091bc0474e610ac4f289
SHA1 hash:
72f81ca0110570ff8858e4f82d187268ac9b4dba
Link:
https://www.unpac.me/results/e375113b-69c2-4fb7-9f9d-55fef344ad73/
SH256 hash:
ec56dcdd197d8381ec220b51dbd195cc406efb8e75d6103c77ade1ea56e87316
MD5 hash:
36bc1449c7914533e3a46281a1f22644
SHA1 hash:
3cfde1e175996c6d12037f7ea183b988ed049c3e
Link:
https://www.unpac.me/results/e375113b-69c2-4fb7-9f9d-55fef344ad73/
SH256 hash:
1d64d3eb1c28bda9e53ed296e9a84092b655deb5fb27aac6ee6d99c65ee6f118
MD5 hash:
3b6605e0b78a30f733dd78af9708b13c
SHA1 hash:
bf7868038d82b2f832ca4c400dd4cb6b501614e2
Link:
https://www.unpac.me/results/e375113b-69c2-4fb7-9f9d-55fef344ad73/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1d64d3eb1c28bda9e53ed296e9a84092b655deb5fb27aac6ee6d99c65ee6f118

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 1d64d3eb1c28bda9e53ed296e9a84092b655deb5fb27aac6ee6d99c65ee6f118

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/168145/

Comments