MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 28a2f8c9924758d55bece4190880de32dcf4a65eedf8e7895d156d941d2627d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
RedLineStealer
Vendor detections: 12
| SHA256 hash: | 28a2f8c9924758d55bece4190880de32dcf4a65eedf8e7895d156d941d2627d9 |
|---|---|
| SHA3-384 hash: | 7a9eb5b03160f85ca5875fe4f11b812f8af1f2db9bc685e507e8afd26120f00da4f867c7af44b0a8148cb3f1ff0fb400 |
| SHA1 hash: | c3d7ee13a112fff1f43e830796eb9ab3ef758542 |
| MD5 hash: | 06553d37ca4aa42c8bb5f4cbc81e6813 |
| humanhash: | twenty-cup-papa-lactose |
| File name: | VirusMaker_setup.exe |
| Signature: | RedLineStealer |
| File size: | 6'202'103 bytes |
| First seen: | 2022-05-06 13:54:25 UTC |
| Last seen: | Never |
| MIME type: | application/x-dosexec |
| imphash: | 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport) |
| ssdeep: | 98304:YSiGgdR+7d0Qy6TY6PfRZyAvGSxxwovlCNTGjWDMVokm6Yrrd0xtNKhVtB/pA:x2QGQy69pD9xSNTgsMakmdrrdoEVt1pA |
| Threatray: | 1'320 similar samples on MalwareBazaar |
| TLSH: | T19556123FB368A53ED4AB4B3245B39350497BBA60A81A8C1F07F0095DDF265701F3B65A |
| TrID: | 59.6% (.EXE) Inno Setup installer (109740/4/30); 22.5% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9); 5.7% (.EXE) Win64 Executable (generic) (10523/12/4); 3.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2); 2.4% (.EXE) Win32 Executable (generic) (4505/5/1) |
| dhash icon: | 002332b430706210 (1 x RedLineStealer) |
| Tags: | exe RedLineStealer |
Intelligence
File Origin
# of uploads: 1
# of downloads: 310
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: VirusMaker_setup.exe
Verdict: Malicious activity
Analysis date: 2022-04-20 13:44:38 UTC
Tags: installer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: RedLine
Detection(s):
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
Sending a custom TCP request
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe expand.exe overlay packed setupapi.dll shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: RedLine
Detection: malicious
Classification: troj.evad
Score: 46 / 100
Signature
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Obfuscated command line found
Tries to detect virtualization through RDTSC time measurements
Yara detected Costura Assembly Loader
Yara detected RedLine Stealer
Threat name: Win32.Backdoor.Bladabhindi
Status: Malicious
First seen: 2022-04-19 21:52:56 UTC
File Type: PE (Exe)
AV detection: 2 of 42 (4.76%)
Threat level: 5/5
Verdict: malicious
Similar samples: + 1'310 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
Malware family: RedNet
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Web download
Distributed via web download