MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24f106d58c742c28bb292ff2901ef26a867f2a3e635ac8211ab47ce53c02c825. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 10



SHA256 hash: 24f106d58c742c28bb292ff2901ef26a867f2a3e635ac8211ab47ce53c02c825
SHA3-384 hash: 1fc8049e370459f2f8f2e1a1021e769afe8582220a2b368d4c65c8d4f20c20319e61624b68f4a64103dbcca185152d24
SHA1 hash: 549d86c33907a81769d5192f285b7a41e2743af6
MD5 hash: 6a15b8e40003a5615a7a55ee14901445
humanhash: wyoming-happy-eleven-two
File name: rr.exe1
Signature: RedLineStealer
File size: 1'977'311 bytes
First seen: 2022-07-14 08:05:52 UTC
Last seen: 2022-07-14 09:33:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2bd4b8620ae035f6bf279b34fa17fcf7 (23 x RedLineStealer, 2 x Formbook, 1 x RecordBreaker)
ssdeep: 24576:e/cg9Bo8kEz9YrY8klDBbnMEcdfO10ItJrL+t+81Y2LbQ8l36:icg9+8kwfRJrat+81Y2nQ8l36
TLSH: T1F8954B12EB862DAAD912677580DFE7377738BF2083339B2BAB09D5396C232D12D45315
TrID: 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
      13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
      9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: KdssSupport
Tags: exe RedLineStealer


KdssSupport
Uploaded with API

Intelligence


File Origin
# of uploads: 2
# of downloads: 240
Origin country: n/a

Vendor Threat Intelligence
Malware family: redline
ID: 1
File name: Fornitee Hack.exe
Verdict: Malicious activity
Analysis date: 2022-07-13 21:16:07 UTC
Tags: trojan rat redline loader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: ID 663680; sample rr.exe1; start date 14/07/2022; architecture WINDOWS; score 48. Nodes: "Multi AV Scanner detection for submitted file" (signature), rr.exe started, conhost.exe started by rr.exe.
Threat name: Win32.Trojan.Redlinestealer
Status: Malicious
First seen: 2022-07-13 16:36:09 UTC
File Type: PE (Exe)
AV detection: 21 of 26 (80.77%)
Threat level: 5/5
Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:@moriwws infostealer spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
RedLine
RedLine payload
Malware Config
C2 Extraction: neredenkyor.xyz:81
Unpacked files
SHA256 hash: c4aaf2da078f76a892d8ecfbcaf50faaec9c955254d49d8e46bcd1d938ee8375
MD5 hash: 84e01aac6e52b58580284a53a6dadc4f
SHA1 hash: 9f36e332559c7617c6ae4fba2d608d781f8b9cbe
SHA256 hash: 24f106d58c742c28bb292ff2901ef26a867f2a3e635ac8211ab47ce53c02c825
MD5 hash: 6a15b8e40003a5615a7a55ee14901445
SHA1 hash: 549d86c33907a81769d5192f285b7a41e2743af6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: RedLineStealer
File: Executable exe 24f106d58c742c28bb292ff2901ef26a867f2a3e635ac8211ab47ce53c02c825 (this sample)

Comments