MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 283cbd908b318692fd0d95a811739739a3c349df08a1589da24e09ecaa1cb9e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 9


Intelligence 9 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 283cbd908b318692fd0d95a811739739a3c349df08a1589da24e09ecaa1cb9e5
SHA3-384 hash: 953ec1087e881be8a64ca689eb2b5654b7ffddad4825868f55462c45108a90a2f556f9e11901eda3a35213c49e61778e
SHA1 hash: be4d668cd8571a5aacbd9f2969ed095638decb69
MD5 hash: 6ad8f2b96d84135510c6fc31dece04b9
humanhash: nebraska-alabama-nevada-twenty
File name:IcePick.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:4'787'712 bytes
First seen:2021-10-23 16:44:43 UTC
Last seen:2021-10-23 18:12:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 908bea7ee71339f1c35ba419da3ba679 (36 x RedLineStealer, 2 x RaccoonStealer)
ssdeep 98304:oL5DrX3JnOCr6Sb8XzyeMaxdv2Pugn7/wOSAR8bxlwAIo:8xOCzbaWAx12PrMPoKT0o
Threatray 49 similar samples on MalwareBazaar
TLSH T16226023362540192D1E18C365937BED4B2F6176D8F41E8FBA5E2EEC529359E0E323A43
Reporter Mlwr_Krev260
Tags:exe RedLineStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
185.255.133.25:18225 https://threatfox.abuse.ch/ioc/236935/

Intelligence

File Origin
# of uploads :
4
# of downloads :
628
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/199592/
Detection(s):
SecuriteInfo.com.Variant.Razy.971855.8386.9212.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm packed
Link:
https://www.filescan.io/uploads/6174f68ba9d585e6d53702fc/reports/6af2e79e-865e-4ca9-9880-4bc80ca2c678/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f1f7d2b7-37ed-4924-8fd2-26e1fe36dc5f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/875691
Signature
Allocates memory in foreign processes
Found detection on Joe Sandbox Cloud Basic with higher score
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/283cbd908b318692fd0d95a811739739a3c349df08a1589da24e09ecaa1cb9e5/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fa6l3eelggdjf7inswubc44xhgr4gso7bcqvrhncjye6zkq4xhsq._file
Verdict:
malicious
Similar samples:
1b189602123e4dba4522d442877fb0862a8fbbc4cc6d187954ba27039bea7d9c
RedLineStealer
2ace0be70434934b6e140f679a0c1551dd589abedfb1f6abeb5ceffaf0a1b9d9
RedLineStealer
2c9e0f6e90b663293874332acd2cab44b8a28011337c99e828e86e3b9d1585c2
RedLineStealer
4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e
RedLineStealer
46878cf16c919445a9e5ada3ff03ca3465c03323a3e8b31c2de38eae1c9259e4
RedLineStealer
5940fd97a28d3ee232155231fe70af70be462aa144d0b625470fe46a01a3bd1b
RedLineStealer
84783081ade87f5a4a1902a275eb66c7fe8ebef9e43cdd2d4527bdb1a5a51f04
RedLineStealer
8867a5229762e4b01828f7295c0821f4acd8545acb7fc648b05b87da54754120
RedLineStealer
a3c2207806f9be710f3a1d1cbf1149a708bb080946e2368c8e826f5cef2293e4
RedLineStealer
+ 39 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline infostealer spyware
Link:
https://tria.ge/reports/211023-t9dxascdc9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
RedLine
RedLine Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
0a012fb653a62ba3a8641c7a20f9f41a57f7b1ffc5d0a9d9ff9450b5f25e931b
MD5 hash:
c99a3c6a56b28e8e0f6e2f1dc819bbe8
SHA1 hash:
d370804a633911b6ac5094b956e07e01247d3f7c
Link:
https://www.unpac.me/results/a16ef025-755b-4e07-a390-db1b04ca889e/
SH256 hash:
283cbd908b318692fd0d95a811739739a3c349df08a1589da24e09ecaa1cb9e5
MD5 hash:
6ad8f2b96d84135510c6fc31dece04b9
SHA1 hash:
be4d668cd8571a5aacbd9f2969ed095638decb69
Link:
https://www.unpac.me/results/a16ef025-755b-4e07-a390-db1b04ca889e/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/283cbd908b31/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/283cbd908b318692fd0d95a811739739a3c349df08a1589da24e09ecaa1cb9e5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/199592/

Comments