MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f
SHA3-384 hash: 3b5b6d56b4b631317ca0f7b75ad130bf825ea3323f6dc5bcf2af8c0c965f5a03a6e4e4952ed8daec7e0b7ec0fe29cf49
SHA1 hash: dd922cbdbfdc3c8514b302ce79374e8df80ea54d
MD5 hash: 93578fdf67e69753498a2cff8c23f801
humanhash: hydrogen-finch-march-michigan
File name:starter693.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:314'880 bytes
First seen:2023-05-22 10:40:50 UTC
Last seen:2023-05-22 10:47:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 91e52b5b5b8df9c17be98b9e4559a03d (1 x Amadey, 1 x RedLineStealer, 1 x Formbook)
ssdeep 6144:OlLStUNF+5MeH4O4kjq3LLuwDMixHbi50AJ:OdSt8SavvuAxOyg
Threatray 56 similar samples on MalwareBazaar
TLSH T1D164F1313AD5C032F12245348EA5C6A28B2B7D712BA25ACB3B95063E5F772D1DE7431B
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 000030b0c4086040 (1 x RedLineStealer)
Reporter Neiki
Tags:RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
51
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
starter693.exe
Verdict:
Malicious activity
Analysis date:
2023-05-22 10:45:32 UTC
Tags:
rat redline
Link:
https://app.any.run/tasks/4afca925-324e-4e0b-a999-e904fae171b9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Sanesecurity.Malware.29323.BadIN.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Reading critical registry keys
Creating a file
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Stealing user critical data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/646b46c4b99f32321da615b3/reports/6317cc4e-e4a3-4f32-9f3a-06b5f6bf90f3/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eb884477-dfb3-4043-9012-e8639de52e66
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1240100
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f/
Threat name:
Win32.Trojan.Smokeloader
Create hunting rule
Status:
Malicious
First seen:
2023-05-22 10:41:08 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f52fw7qp2sswblrvdeufuaryr6bgj7blndr5xyqxna2rlns2ovhq._file
Verdict:
malicious
Similar samples:
0ad626b2514c0e0ce3a1158b7d7e17afef6ab0afc985af4b7e8cbbbc6f436501
RedLineStealer
1e6feb0749b0cfffd2e085d364667c6040cf008a59b0831a74c82db2256055b6
RedLineStealer
28da267cd03efdfd51d9580f406b4e79549b535747817b1d285a549a247258b2
RedLineStealer
6e9f1b1fa3c2d1dd2a2a8d61258685c64ce1fb38a84ba281fa7c07d59225ef10
RedLineStealer
727df79548ea43456317931d6d2afdc98a84856bd1d6779c0dac4d4bc5d3c49c
RedLineStealer
9893ec0e2902925018922ca40cc3495001dec4ccd32137cc13566c74bd1438e1
RedLineStealer
9fe8b148afef5e54b88b76beeccaef42ae37b6387d38fcd8cbd7d509a9f90b40
RedLineStealer
a0e4515ee2de51f5ff5a41b03fd7e993f075c889f297d63143b1620cdcf9d9db
RedLineStealer
bbd8aa9922966e25df27643b728d5d7a0416f4b08318990edeabd73b2a4ede53
RedLineStealer
c45d9ba24cf0bfa06a2d725ab02811c96025418d7dab9e7644310e512f98ee2c
RedLineStealer
+ 46 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline discovery infostealer spyware stealer
Link:
https://tria.ge/reports/230522-mq5gksfg27/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine payload
Unpacked files
SH256 hash:
6d387b94e0120a94ab745ddd68cc5531b1137ec954afdf23bd3d4f571e36aa13
MD5 hash:
b976665d8b48fafb6a7d6dc535afd519
SHA1 hash:
59bcf224a78259bfe4cadb1c31407c574f2c22b5
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/e49f207f-2777-4d0c-8c42-ff8430900eb5/
Parent samples :
0ad626b2514c0e0ce3a1158b7d7e17afef6ab0afc985af4b7e8cbbbc6f436501
f74d1a038f0d9666f42bdd990d2c86446ed3e51b210c39cd2d701ee54d22592f
bbd8aa9922966e25df27643b728d5d7a0416f4b08318990edeabd73b2a4ede53
1fd69f09311ce43388620c19162acd54b86701eea3112da066e3d905205ab223
d1168d11c6f0c4689aee92bfc5190032346925d78f57f5a502b5e11309e9f3b3
fdda52afda4278f554e26d376d4f56e881c93d87a6b010f0223b4fd03c98308b
2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f
3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3
SH256 hash:
abc681771581e32e28a2873bc6c5fac1f22793524300c207e77d3320df8ff4ec
MD5 hash:
f16c9d9a049a0b987a725ef0ae618927
SHA1 hash:
5745600576f586b53b57d6fc668e7be0a4d0b119
Link:
https://www.unpac.me/results/e49f207f-2777-4d0c-8c42-ff8430900eb5/
SH256 hash:
a785a5e1f0472823df00c77373037df82aa490ddc3b52b5bb1bc42629dcbf03e
MD5 hash:
1df5f40f2337d55b5c31203e3ba87efe
SHA1 hash:
5171dea6a222b51109d9f926629ae6cb785ec7a8
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/e49f207f-2777-4d0c-8c42-ff8430900eb5/
Parent samples :
0ad626b2514c0e0ce3a1158b7d7e17afef6ab0afc985af4b7e8cbbbc6f436501
f74d1a038f0d9666f42bdd990d2c86446ed3e51b210c39cd2d701ee54d22592f
bbd8aa9922966e25df27643b728d5d7a0416f4b08318990edeabd73b2a4ede53
1fd69f09311ce43388620c19162acd54b86701eea3112da066e3d905205ab223
d1168d11c6f0c4689aee92bfc5190032346925d78f57f5a502b5e11309e9f3b3
fdda52afda4278f554e26d376d4f56e881c93d87a6b010f0223b4fd03c98308b
2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f
3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3
SH256 hash:
2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f
MD5 hash:
93578fdf67e69753498a2cff8c23f801
SHA1 hash:
dd922cbdbfdc3c8514b302ce79374e8df80ea54d
Link:
https://www.unpac.me/results/e49f207f-2777-4d0c-8c42-ff8430900eb5/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2f745b7e0fd4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments