MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 9


Intelligence 9 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640
SHA3-384 hash: dc141ca54a66490a77daaf92fd6f87877e5845c51a6bc1c3a3ee33fce7761ca2d1b3b07d2f65e84f7cc82a48b894dfb2
SHA1 hash: a7a0fe43cb86e3f78f7e68d7b3b3ad2b6754619f
MD5 hash: 11e87734f6fe3e23919bf2e3f227c0e4
humanhash: sodium-california-kilo-ink
File name:11E87734F6FE3E23919BF2E3F227C0E4.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:2'917'521 bytes
First seen:2021-07-25 23:15:33 UTC
Last seen:2021-07-25 23:44:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 49152:9qe3f63ex/S5KnwUnzYHiiXXt4+D0b3KqIZC1ncC/vGW07cD2:MSiu2yyX4sM3fjnrq
Threatray 509 similar samples on MalwareBazaar
TLSH T108D5F13FF214663EC56A473205B3C2306C7BAE65A91A8D1B17F00C0FFF665612E3A656
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
185.215.113.32:14976

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
185.215.113.32:14976 https://threatfox.abuse.ch/ioc/162883/

Intelligence

File Origin
# of uploads :
2
# of downloads :
180
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
11E87734F6FE3E23919BF2E3F227C0E4.exe
Verdict:
Suspicious activity
Analysis date:
2021-07-25 23:18:16 UTC
Tags:
installer
Link:
https://app.any.run/tasks/1de18069-2f8f-4de5-a5e5-a58683f89367

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174048/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9f41986e-cf40-43e0-943e-310de31faea3
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
46 / 100
Link:
https://www.joesandbox.com/analysis/821588
Signature
.NET source code contains potential unpacker
Antivirus detection for dropped file
Creates an undocumented autostart registry key
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Racealer
Create hunting rule
Status:
Malicious
First seen:
2021-07-23 09:55:43 UTC
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fkzy7w7fmlovu27jmukwfykshw7x6p6x24qnk66jujnq4k3gkzaa._file
Verdict:
malicious
Similar samples:
01910bddacbf2ea878b487dd3dfc2cfbeabf1a3dba94309b4a84c9e6b4b4afc9
RedLineStealer
07eaa6e88904f46157a5e5e45dd70d6e14d5d06aae7dc17e8a2c440ff403a51e
RedLineStealer
111d1529eb5320465bc09a12146b321b0f4409372a8b73048b7798904082068c
RedLineStealer
3f299a38f6196d2df259cd0b626e204fb81f5d33de5ec78d4bd7bae131ccb9d4
RedLineStealer
6109fdc0254cdefc1462dc6a453ecce1cd70d8b533822d3a11be42604eb47a18
RedLineStealer
923e1d37bb37118bd66462b153d9fa0d4518898ed56f0252690a6d9eb111a0d7
RedLineStealer
b0fbc0cb8f9d0b065439e1cee2fcd98d020f3abe54f0940ff661b3952d4a52e5
RedLineStealer
df3dabd031184b67bab7043baaae17061c21939d725e751c0a6f6b7867d0cf34
RedLineStealer
f5a558eba4843612e1b2e7bbfb431932a94bdc86f9411c0529f4216bcfe0ef02
RedLineStealer
+ 499 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210725-x8h9219w96/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
aee750830ccdbf4ca3b5d968c74e06f5ad42d1eeb48d45b58a283471241e47af
MD5 hash:
a648212e22d09c5fe4914097fdd7f56a
SHA1 hash:
8232d023a646699614526375b87262bc8652dc07
Link:
https://www.unpac.me/results/11a5db97-49dd-417a-95c2-87ed761d4616/
SH256 hash:
b0285c464ac7eac83a4b4a0a488e72c12af567af3df453cf1a15380dc319959f
MD5 hash:
09fa310a403b617fa295b5ba01410cd1
SHA1 hash:
25a0c40d4ae2d2df4328ddbe9b5c9d8883d48302
Link:
https://www.unpac.me/results/11a5db97-49dd-417a-95c2-87ed761d4616/
SH256 hash:
e962bfa8d3526f7ef93315994fdbad0bda78f5c3b36593f1285f722ec4b10418
MD5 hash:
5d8b228aba1735ad7787f1b171bd1bb9
SHA1 hash:
29d9f6f08f6167ee8be22d71b8cd1d19fbaf2eca
Link:
https://www.unpac.me/results/11a5db97-49dd-417a-95c2-87ed761d4616/
SH256 hash:
2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640
MD5 hash:
11e87734f6fe3e23919bf2e3f227c0e4
SHA1 hash:
a7a0fe43cb86e3f78f7e68d7b3b3ad2b6754619f
Link:
https://www.unpac.me/results/11a5db97-49dd-417a-95c2-87ed761d4616/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/174048/

Comments