MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30d39f83d5df83960c7eb229e2f11efbd8068df72e8983bc754cfac786a32fc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	30d39f83d5df83960c7eb229e2f11efbd8068df72e8983bc754cfac786a32fc7
SHA3-384 hash:	959f9b4da791b9502297d8a80b8b295d761acdc13cce9f08b81b76f2aff4fe09be660dee601eb7d0f5bb464bb34465ce
SHA1 hash:	b8dfa94d146f5d741667eca62779380789fc5f39
MD5 hash:	82ac0e251996e14101753c3511760d4b
humanhash:	timing-carbon-eighteen-sixteen
File name:	82ac0e251996e14101753c3511760d4b.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	359'936 bytes
First seen:	2021-11-18 09:32:23 UTC
Last seen:	2021-11-18 11:04:01 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ff6439958bc7d1b926a3ea41188420fe (3 x RaccoonStealer, 1 x ArkeiStealer, 1 x RedLineStealer)
ssdeep	6144:EtPuteb1z2cpS3k2jVRO7kQfoTPyH+0yQZtwGZGY7:8Put8tpS3k2j7O7kQgTPyH+0XwGd
Threatray	5'285 similar samples on MalwareBazaar
TLSH	T13D74CF00A7F0C039F5F716B85A7A9375B93E79A1AB7494CF52D116EA5634AE0EC30307
File icon (PE):
dhash icon	b2dacabecee6baa6 (148 x RedLineStealer, 145 x Stop, 100 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

108

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

82ac0e251996e14101753c3511760d4b.exe

Verdict:

Suspicious activity

Analysis date:

2021-11-18 09:34:53 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/77a77d37-cf4e-43d6-a81b-a4cfb9865fc7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/207172/

Detection(s):

SecuriteInfo.com.Variant.Babar.29261.19172.24071.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

DNS request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61961dd22695a62af9f2e336/reports/e43d67af-5ec8-4ba0-966c-8bae59ec4360/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b9cf6815-2eae-4588-8084-1d785ee2c984

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/891827

Signature

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/30d39f83d5df83960c7eb229e2f11efbd8068df72e8983bc754cfac786a32fc7/

Threat name:

Win32.Trojan.Injuke

Status:

Malicious

First seen:

2021-11-18 09:33:05 UTC

AV detection:

27 of 44 (61.36%)

Threat level:

5/5

Verdict:

malicious

RedLineStealer

64f9f7fccc993e73cf2ad970c822c53e4b6830687af349f8d791037ccd8b3a03

RedLineStealer

858d2384fe0e2ed91c2e2400e4f58435d59989a0e209747004a0e63f898ba483

RedLineStealer

9b6a7db9202742073407252d5db59ded5b938f7c2e2383b00e87857f122be3bc

RedLineStealer

a014acb67295264a4f9ac982db6b65d858f259ca46dd92d836091ef872f78b7e

RedLineStealer

b8c3325bc497649787f113cee57f95a63ba7a06138fac32329f0b89814b848b7

RedLineStealer

b93c3342ed056d702f68cda57ccdd6ea92c34addac671f174e7070477cf4c156

RedLineStealer

ba60a173e1935175aaddd6a07759577fa82f0b47f2ae978e6d27f0185ec6e560

RedLineStealer

f8eaf4927a573dd810d0d51d0af5b72dfe12045dd7e84535ff9b636ec8f6dfb1

RedLineStealer

+ 5'275 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:superstar infostealer

Link:

https://tria.ge/reports/211118-lh7rasccar/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

RedLine

RedLine Payload

Malware Config

C2 Extraction:

185.215.113.29:36224

Unpacked files

SH256 hash:

95d1284b38956fb6a9e76c630acce1c37e41177cb6363df6759b31c139f25227

MD5 hash:

85f83ca85cab60c704c1b3d52cbd276d

SHA1 hash:

f3c0408a8bbf38acf5a04c287d9e148d12f341a3

Link:

https://www.unpac.me/results/de988923-f3a5-49a5-8151-b591199f8e86/

SH256 hash:

eb58744cfd98d6f6c157ed563904b39c05b4a5393894692cbd1be6298d9d2086

MD5 hash:

93ed16d365e472e03681a21e6b053782

SHA1 hash:

cc4be427791cf175a23154a83c0dbf497b280e43

Link:

https://www.unpac.me/results/de988923-f3a5-49a5-8151-b591199f8e86/

SH256 hash:

530ee932b7e415222c31080326f026a79280df76ab363ca38802a15497f8ce51

MD5 hash:

3c95728f3f0dd3b1511554febac68c1a

SHA1 hash:

c0a34aa26369e0a9ce99c72df75f1141142e430e

Link:

https://www.unpac.me/results/de988923-f3a5-49a5-8151-b591199f8e86/

SH256 hash:

30d39f83d5df83960c7eb229e2f11efbd8068df72e8983bc754cfac786a32fc7

MD5 hash:

82ac0e251996e14101753c3511760d4b

SHA1 hash:

b8dfa94d146f5d741667eca62779380789fc5f39

Link:

https://www.unpac.me/results/de988923-f3a5-49a5-8151-b591199f8e86/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/30d39f83d5df/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/30d39f83d5df83960c7eb229e2f11efbd8068df72e8983bc754cfac786a32fc7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

exe 30d39f83d5df83960c7eb229e2f11efbd8068df72e8983bc754cfac786a32fc7

(this sample)

Cape

https://www.capesandbox.com/analysis/207172/

URLhaus

https://urlhaus.abuse.ch/url/1746392/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample