MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 14

Intelligence 14 IOCs YARA File information Comments

SHA256 hash:	3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff
SHA3-384 hash:	d32b5989d6103a50580d3aaf405fd48af032e46f787ca209599631ce431c4e87369c415a5eb6f6d898f4b642d0b49d76
SHA1 hash:	5a3da0cc7864353b46af318f367ffa8a1c4d883b
MD5 hash:	a1fc6223b8388dd449fdf206d279509c
humanhash:	angel-princess-two-oklahoma
File name:	a1fc6223b8388dd449fdf206d279509c.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	190'526 bytes
First seen:	2023-12-24 00:30:10 UTC
Last seen:	2023-12-24 02:17:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5db376734d2a1f4a2ede6b0ea2395477 (1 x RedLineStealer)
ssdeep	3072:xdtP+FmP/wCCCCFWyz0MoG8rDXdH7qKIxFYVUDgotqTVGgIk4CSQXkmrLQjzCOkI:xLOmPHMoG8vtH7FIQmqTVGBk4CSQXkma
Threatray	79 similar samples on MalwareBazaar
TLSH	T15D148D5336C488F2D81E8877B4E78D5E7F9C6D08036609F72B9D84A40BA35F2667E90D
TrID	45.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.3% (.EXE) OS/2 Executable (generic) (2029/13) 18.0% (.EXE) Generic Win/DOS Executable (2002/3) 18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter	abuse_ch
Tags:	exe RedLineStealer

abuse_ch

RedLineStealer C2:
94.103.188.192:443

Intelligence

File Origin

# of uploads :

2

# of downloads :

529

Origin country :

NL

Vendor Threat Intelligence

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/469159/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Stealer.37437.8089.15718.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

redline stealer

Link:

https://www.filescan.io/uploads/65877bc8439457868c073f32/reports/aa741939-8276-46aa-b666-c638122221b5/overview

Verdict:

Malicious

Labled as:

DeepScan:Generic.Dacic.30

Link:

https://www.hybrid-analysis.com/sample/3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/d03aa811-a998-4d09-a2b4-a31c3a7b0bf6

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1366569

Signature

C2 URLs / IPs found in malware configuration

Connects to a pastebin service (likely for C&C)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff/

Threat name:

Win32.Trojan.Dacic

Status:

Malicious

First seen:

2023-12-19 19:07:01 UTC

File Type:

PE (Exe)

AV detection:

26 of 37 (70.27%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=grtysp2hxw5kb62ys5p5zzrayjmruideoa7vn6vssmj27i76tt7q._file

Verdict:

malicious

Similar samples:

3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff

3eb310f8d5efd369668424db8a545463e51dda3583a7054bdcba894c20513be9

a94bec1ee46f4a7e50fbccb77c8604c8c32b78a4879d18f923b5fa5e8e80d400

ba2e9c9f33c7d6462eb951c0aafdaa5419e588cbf141211e2fa93b741bebbb44

d2df430d281ad78bc0690d63df9896fe195e2df53f2e9182c6f459094f70aa45

df4138a66646a5635fcb28efd5b0e7a8df86a67b77e9105516b83cca0233c34a

ef0a4f73c51f2a14eeaac3d6db1b9a016e22afb50dcaec7f383b4d81d1b318ee

f1bcccd8f101b58cff28e6b38c98a1458e557c7eeab60364ab45063df3e22ae2

+ 69 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/231224-at2hwabfar/

Unpacked files

SH256 hash:

8303b8983ed5f1ad8a53d4629c02cebd9c067d1976712c03d80cc4e3846f42ce

MD5 hash:

ee36084695d41b2a997306c3ff332083

SHA1 hash:

2e828257dc559fffea51d7c51a07140ce80aa644

Detections:

redline

MALWARE_Win_RedLine

Link:

https://www.unpac.me/results/6955fe9e-d4ce-4749-88fb-d25c5ec91d65/

Parent samples :

1155b82749364016f6a7232f58f169029706bf61da9e19d97b015eca502e3396
aa23c8b6468593d23f9e186b7d377a6136a2cd6cf6ebe7e927101b36fe9bf22b
3ff4f96ffdfc8fc6a6fc58a959d682bc9c1a8f631871217e924d84073c7fe876
10480736752fc02e4c2360e1a3066a494c17db9db6709b5d6621d5f2e9ea922d
3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff
297e3d063b460078308a5c84bb86b13c9bb878a47d02446b0a1ecc25b690e3eb

SH256 hash:

3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff

MD5 hash:

a1fc6223b8388dd449fdf206d279509c

SHA1 hash:

5a3da0cc7864353b46af318f367ffa8a1c4d883b

Link:

https://www.unpac.me/results/6955fe9e-d4ce-4749-88fb-d25c5ec91d65/

Malware family:

RedLine.E

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/3467893f47bd/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3467893f47bdbaa0fb58975fdce620c2591a2064703f56fab29313afa3fe9cff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/469159/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample