MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fca453f1f9a6acf20ba5a9828178d70426e7f8e58ec6116f2aacf96053e0037. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 8


Intelligence 8 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1fca453f1f9a6acf20ba5a9828178d70426e7f8e58ec6116f2aacf96053e0037
SHA3-384 hash: 33a5d379bc4a230292deb008a76b0351c4684b5aaa325686260de20d570f5fe2a2ef01d2a84bc21f0692b4423568c110
SHA1 hash: 7d127246c2afcbf9c37347bd6936f38d8b25f7dc
MD5 hash: ae326c63eebe25c90b66c0de6c1e5905
humanhash: mobile-nevada-california-august
File name:ae326c63eebe25c90b66c0de6c1e5905.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:890'368 bytes
First seen:2022-03-11 04:27:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e3fb351085edcb021693675b0122da1 (1 x RedLineStealer)
ssdeep 24576:/6FfY3l2MeUHUhzTCTltsMmJ9GUKi14vvSt69:/KfYQMnHUcHuRWL
Threatray 2'304 similar samples on MalwareBazaar
TLSH T1BC159E4390886FF3DB72457291CC48D30D4AEF33969F753BA3976627D04BE42A429A1E
File icon (PE):PE icon
dhash icon 591b29d261282923 (1 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
2.56.56.115:9132

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
2.56.56.115:9132 https://threatfox.abuse.ch/ioc/393619/

Intelligence

File Origin
# of uploads :
1
# of downloads :
246
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/249278/
Detection(s):
Win.Trojan.Injectorx-9940207-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Searching for many windows
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/622acfdbb94fb38cb458dd54/reports/503f82fe-cd7f-404f-acb9-be3fc6f4be04/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9e2f1260-553e-4dc3-8011-48db3c164b18
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/954655
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Contains functionality to inject code into remote processes
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1fca453f1f9a6acf20ba5a9828178d70426e7f8e58ec6116f2aacf96053e0037/
Threat name:
Win32.Infostealer.Reline
Create hunting rule
Status:
Malicious
First seen:
2022-03-09 02:28:00 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
28 of 42 (66.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d7fekpy7tjvm6if2lkmcqf4nobbg474oldwgcfxsvlhzmbj6aa3q._file
Verdict:
malicious
Similar samples:
0713ce27fefb110cda3075fae74229170582c19758c2ecb7f85e0c0b8c694e0c
RedLineStealer
2da24494535db516936e3fdf11f46423c3be7abd33afab194bd93388ab89b0cb
RedLineStealer
5aaecc91eecab8970deeef790df826ad10dd5fb4a40695b1143b9a84773c3223
RedLineStealer
96b3aa4520797806ccaf670897eaead29ac9dd3f9a6add879e2d93f7e2557513
RedLineStealer
9bd02c78d6dc379e0906312cbf3feee3df113f1837cd41d4e13b0d07e96c5233
RedLineStealer
d057f4f00abe0297d81c25d6a1475c495b5784930ce77ca0b63bf2bad720b5e1
RedLineStealer
e29526b1d3297a4d2d5cd5f8e4cce9a7a63b84f49470dafb02449269e055a4dc
RedLineStealer
+ 2'294 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220311-e3p9esgbc5/
Unpacked files
SH256 hash:
cb48385a092657071fbaaa57781b9242fa1f63ec018d20f5705f383baea84090
MD5 hash:
7907db4d97fc043022a11d6bea0f9d68
SHA1 hash:
9e45f9e385f0c612907c5c14f0943fb0cb289153
Link:
https://www.unpac.me/results/d3722458-7a74-423f-9ec5-328ba2782248/
SH256 hash:
1fca453f1f9a6acf20ba5a9828178d70426e7f8e58ec6116f2aacf96053e0037
MD5 hash:
ae326c63eebe25c90b66c0de6c1e5905
SHA1 hash:
7d127246c2afcbf9c37347bd6936f38d8b25f7dc
Link:
https://www.unpac.me/results/d3722458-7a74-423f-9ec5-328ba2782248/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/1fca453f1f9a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1fca453f1f9a6acf20ba5a9828178d70426e7f8e58ec6116f2aacf96053e0037

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/249278/

Comments