MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c134e53efda9e722479d414a371223a8525510ca71d9106c3005b1ab0931491. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	2c134e53efda9e722479d414a371223a8525510ca71d9106c3005b1ab0931491
SHA3-384 hash:	14cfaf9dd5ede6f10b4f18a3a91ec75abb890055415c39488ee7e82db4574188c380b0ef9a22798982a70da6999ac8fb
SHA1 hash:	ef0126853cbb3fadd5ede128f5c064464b4bf3ef
MD5 hash:	897130f567ba08971ff46c3dcb532500
humanhash:	xray-grey-spaghetti-ceiling
File name:	67976544.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	525'312 bytes
First seen:	2022-03-23 04:50:27 UTC
Last seen:	2022-03-23 07:13:01 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	829df24b10d39ea3719a931bde7a76d7 (1 x RedLineStealer)
ssdeep	12288:bvdJ1IMPeOLcrjK/lGRgOUqmq9kR6lhKX1720hwc:bvdJ1LPeEcrjK/cRgOnmq9g6d0hwc
Threatray	1'872 similar samples on MalwareBazaar
TLSH	T167B423298A45F453E0DCA73BA8A7AA0E06C31A57FDC1C71650C8F5BF34AC1617A6624E
File icon (PE):
dhash icon	49a9b154c62a2c65 (1 x RedLineStealer)
Reporter	adm1n_usa32
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

190

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/255302/

Detection(s):

PUA.Win.Packer.Asprotect-3

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Searching for many windows

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/623aa7420cd58dbd92dcbdc9/reports/07e3848f-dae9-4eba-a412-7f0764de52c4/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/962361

Signature

Allocates memory in foreign processes

Found malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

PE file has nameless sections

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Writes to foreign memory regions

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2c134e53efda9e722479d414a371223a8525510ca71d9106c3005b1ab0931491/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2022-03-23 04:51:12 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=fqju4u7p3kphejdz2qkkg4jchkcskuimu4ozcbwdabnrvmetcsiq._file

Verdict:

malicious

RedLineStealer

36ed7e4e8dfce10773b1b1f1b7302e80d38bfd75d7c35bc5da2abf9a8a0b99e3

RedLineStealer

387908fbfd34eb7d61e59518225543db7b5a7aa7beb1b6b8070778dd31705ed9

RedLineStealer

be2a74bc76e5429010ce7741e58aecc253a33e1dbd713d8b6f02a20545469502

RedLineStealer

c8074bbd7806f4137955b66067595f70cf0086b0bd7670cf90541bb30122dd87

RedLineStealer

cb3538ccd59fa740708efdb6f481d1b7182f18a413994a72d0669086469a3244

RedLineStealer

cd3c72abed935a7b83c5dc1cdb1383922e42ab145b2cf0206d5f0d1aa6382f37

RedLineStealer

ddfd59739281a6a3312661a1da66a6ca9a7007ce4c00675220a5c5b1b6f95a3f

RedLineStealer

e67b5e1f2fb6ab615e07315e4c5db283039258b1ba7d8214a43bd43db26d6b99

RedLineStealer

+ 1'862 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220323-fgt6xsbhem/

Unpacked files

SH256 hash:

acfe837e5512bc0bb22df0d401a9f5b13f9dd9148f761f16fbddf85c3d2e42c0

MD5 hash:

954599156a15d8d48abf4c229a07ac32

SHA1 hash:

4bec401fa6af27c8b0b9e2dd48a4d9f07abccf11

Link:

https://www.unpac.me/results/d7c2fd26-22c6-4595-af54-aa75d39c80a0/

SH256 hash:

533df1b37d87a5ffae4f3936af9ff882274c5529107465104c94087bee0f82f4

MD5 hash:

4d8a4650be6978f4d3afcf5acf6d026d

SHA1 hash:

1c537bf86307121535c57072bde294bccb8e7195

Link:

https://www.unpac.me/results/d7c2fd26-22c6-4595-af54-aa75d39c80a0/

SH256 hash:

2c134e53efda9e722479d414a371223a8525510ca71d9106c3005b1ab0931491

MD5 hash:

897130f567ba08971ff46c3dcb532500

SHA1 hash:

ef0126853cbb3fadd5ede128f5c064464b4bf3ef

Link:

https://www.unpac.me/results/d7c2fd26-22c6-4595-af54-aa75d39c80a0/

Malware family:

RedLine.D

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/2c134e53efda/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/2c134e53efda9e722479d414a371223a8525510ca71d9106c3005b1ab0931491

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/255302/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample