MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fdb6f86925379ff52bbb5a5bb7ab5b53dc40d828d4a5f52c0189050b1dcb847. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer
Vendor detections: 8

SHA256 hash: 2fdb6f86925379ff52bbb5a5bb7ab5b53dc40d828d4a5f52c0189050b1dcb847
SHA3-384 hash: ce5f786e95c24c8af1b7644556acb26b466f3caa5f6d015c43d3f632bb24bb78cf06f89c85c4bea852fccf7ed2c06fa8
SHA1 hash: 7432dee3986c34bee9a4ee75f54adfb6437ce57b
MD5 hash: 84988f8e8d923673a26c009b55825bf6
humanhash: harry-east-romeo-mike
File name: 84988f8e8d923673a26c009b55825bf6
Signature: RedLineStealer
File size: 321'536 bytes
First seen: 2021-09-20 16:40:32 UTC
Last seen: 2021-09-20 17:56:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d0a8c3f24685503ba25bd76f34c13b9e (8 x RedLineStealer, 3 x RaccoonStealer, 2 x DanaBot)
ssdeep: 6144:Dk7VukLGyRV2IdqrJqOQS2kV8GwvLqzZ+RGrFVoFyYJaQl5c0LBXOsoSr:w5fRV2SqrVP2kGGwvWQcrF05Jf5nLBXP
Threatray: 329 similar samples on MalwareBazaar
TLSH: T16C64BF20B7E0C035F5B722F849B597B8A93D7EB06B2091CB62D526EA56353E4DC30787
dhash icon: b3e8ecb6f6dcf9a6 (1 x RedLineStealer)
Reporter: zbetcheckin
Tags: 32 exe RedLineStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 84988f8e8d923673a26c009b55825bf6
Verdict: Suspicious activity
Analysis date: 2021-09-20 16:42:02 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: RedLineDropperAHK

Result
Verdict: Clean
Maliciousness:
Behaviour
DNS request
Connection attempt
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
Country aware sample found (crashes after keyboard check)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Racealer
Status: Malicious
First seen: 2021-09-20 16:41:12 UTC
AV detection: 17 of 45 (37.78%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Unpacked files
SHA256 hash: 56bce56dd73e39bf34765ab7180df7f5603453dd849b42e711d23740e304cb75
MD5 hash: 217e82b4d3103941fb02b67d47618c89
SHA1 hash: 6b5a5b5f25eefaa6739b7cde771b09d5a8f62532

SHA256 hash: 2fdb6f86925379ff52bbb5a5bb7ab5b53dc40d828d4a5f52c0189050b1dcb847
MD5 hash: 84988f8e8d923673a26c009b55825bf6
SHA1 hash: 7432dee3986c34bee9a4ee75f54adfb6437ce57b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Signature: RedLineStealer
File: Executable exe 2fdb6f86925379ff52bbb5a5bb7ab5b53dc40d828d4a5f52c0189050b1dcb847 (this sample)
Delivery method: Web download (distributed via web download)

Comments

zbet commented on 2021-09-20 16:40:34 UTC

url : hxxp://194.145.227.159/pub.php?pub=azed/