MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3
SHA3-384 hash: e9f22c2ec3dec4fa89dd4cc2eb72782c9bfd59d259a66a138462afaf248f200f8fbd4d03e1743fb8b1493ac0a79fc70a
SHA1 hash: 3dd83a599f3adfed236f0592baead6eeb632a364
MD5 hash: 2d0f01f662328b02e967e6e5c7709647
humanhash: double-don-fix-rugby
File name:translator547.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:314'880 bytes
First seen:2023-05-22 10:40:59 UTC
Last seen:2023-05-22 10:46:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 97d476407c8713e8d8094dcaf80101c6 (3 x RedLineStealer, 3 x Stop, 2 x TeamBot)
ssdeep 6144:qYExnoTGaq6h6KgRe7YaQX9OfJdncZE6DPbK45:qVxnoTGa+BUYaQ9QtU24
Threatray 56 similar samples on MalwareBazaar
TLSH T14B64E12136E1C076E25705344AB6CAF65A3BB8395B6159EB7BE4523E0F343C2DE7430A
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 080c0d05030a1300 (1 x RedLineStealer)
Reporter Neiki
Tags:RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
52
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
translator547.exe
Verdict:
Malicious activity
Analysis date:
2023-05-22 10:46:02 UTC
Tags:
rat redline
Link:
https://app.any.run/tasks/c439a372-b23d-435d-b8b7-d234be9a38f6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Sanesecurity.Malware.29323.BadIN.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Reading critical registry keys
Creating a file
Launching the default Windows debugger (dwwin.exe)
Stealing user critical data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/646b46c5dd54de40a7f0c154/reports/b4a87893-d0ba-4fc4-9711-4423b84c3c16/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/aa40bb49-3da3-46fc-8be3-ab8983b7e051
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1240099
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2023-05-22 10:41:09 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
20 of 23 (86.96%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gea7nnmtcxnbvcyaer2vuzxbgmmwgtsrxruv5jqdmha34uon37rq._file
Verdict:
malicious
Similar samples:
0ad626b2514c0e0ce3a1158b7d7e17afef6ab0afc985af4b7e8cbbbc6f436501
RedLineStealer
1e6feb0749b0cfffd2e085d364667c6040cf008a59b0831a74c82db2256055b6
RedLineStealer
28da267cd03efdfd51d9580f406b4e79549b535747817b1d285a549a247258b2
RedLineStealer
456f100fa1e38ed580c92e324c9dde6fd11a159dcd3efe4de8d54868de4ce83c
RedLineStealer
6e9f1b1fa3c2d1dd2a2a8d61258685c64ce1fb38a84ba281fa7c07d59225ef10
RedLineStealer
727df79548ea43456317931d6d2afdc98a84856bd1d6779c0dac4d4bc5d3c49c
RedLineStealer
9893ec0e2902925018922ca40cc3495001dec4ccd32137cc13566c74bd1438e1
RedLineStealer
9fe8b148afef5e54b88b76beeccaef42ae37b6387d38fcd8cbd7d509a9f90b40
RedLineStealer
a0e4515ee2de51f5ff5a41b03fd7e993f075c889f297d63143b1620cdcf9d9db
RedLineStealer
c45d9ba24cf0bfa06a2d725ab02811c96025418d7dab9e7644310e512f98ee2c
RedLineStealer
+ 46 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline discovery infostealer spyware stealer
Link:
https://tria.ge/reports/230522-mq5gksfg28/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine payload
Unpacked files
SH256 hash:
6d387b94e0120a94ab745ddd68cc5531b1137ec954afdf23bd3d4f571e36aa13
MD5 hash:
b976665d8b48fafb6a7d6dc535afd519
SHA1 hash:
59bcf224a78259bfe4cadb1c31407c574f2c22b5
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/76812f45-841b-4569-9046-4b18347c052f/
Parent samples :
0ad626b2514c0e0ce3a1158b7d7e17afef6ab0afc985af4b7e8cbbbc6f436501
f74d1a038f0d9666f42bdd990d2c86446ed3e51b210c39cd2d701ee54d22592f
bbd8aa9922966e25df27643b728d5d7a0416f4b08318990edeabd73b2a4ede53
1fd69f09311ce43388620c19162acd54b86701eea3112da066e3d905205ab223
d1168d11c6f0c4689aee92bfc5190032346925d78f57f5a502b5e11309e9f3b3
fdda52afda4278f554e26d376d4f56e881c93d87a6b010f0223b4fd03c98308b
2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f
3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3
SH256 hash:
abc681771581e32e28a2873bc6c5fac1f22793524300c207e77d3320df8ff4ec
MD5 hash:
f16c9d9a049a0b987a725ef0ae618927
SHA1 hash:
5745600576f586b53b57d6fc668e7be0a4d0b119
Link:
https://www.unpac.me/results/76812f45-841b-4569-9046-4b18347c052f/
SH256 hash:
a785a5e1f0472823df00c77373037df82aa490ddc3b52b5bb1bc42629dcbf03e
MD5 hash:
1df5f40f2337d55b5c31203e3ba87efe
SHA1 hash:
5171dea6a222b51109d9f926629ae6cb785ec7a8
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/76812f45-841b-4569-9046-4b18347c052f/
Parent samples :
0ad626b2514c0e0ce3a1158b7d7e17afef6ab0afc985af4b7e8cbbbc6f436501
f74d1a038f0d9666f42bdd990d2c86446ed3e51b210c39cd2d701ee54d22592f
bbd8aa9922966e25df27643b728d5d7a0416f4b08318990edeabd73b2a4ede53
1fd69f09311ce43388620c19162acd54b86701eea3112da066e3d905205ab223
d1168d11c6f0c4689aee92bfc5190032346925d78f57f5a502b5e11309e9f3b3
fdda52afda4278f554e26d376d4f56e881c93d87a6b010f0223b4fd03c98308b
2f745b7e0fd4a560ae3519285a02388f8264fc2b68e3dbe217683515b65a754f
3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3
SH256 hash:
3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3
MD5 hash:
2d0f01f662328b02e967e6e5c7709647
SHA1 hash:
3dd83a599f3adfed236f0592baead6eeb632a364
Link:
https://www.unpac.me/results/76812f45-841b-4569-9046-4b18347c052f/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/3101f6b59315/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 3101f6b59315da1a8b0024755a66e13319634e51bc695ea60361c1be51cddfe3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2604056/
  
Delivery method
Distributed via web download

Comments