MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 17


Intelligence 17 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61
SHA3-384 hash: 10099f30bea99383cf8bdc60ae1c1873a7399197ed16158b41e69c6a5530016bced573c41407a04d3a91bc61642171ab
SHA1 hash: b218cc48fbea36f3c991659c858cb768a539e264
MD5 hash: e698bb5976d0cb81dfa0dc89a95a825a
humanhash: mississippi-finch-queen-july
File name:e698bb5976d0cb81dfa0dc89a95a825a.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:390'144 bytes
First seen:2023-03-09 10:05:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f7c5b620acbcc0f29abfcbc3407e0336 (5 x RedLineStealer, 1 x Gozi, 1 x Smoke Loader)
ssdeep 6144:MGh1LStLtDAvqnd+ij/ui1yk0dCsi8lMWfZoQQJ9BIYGqTZmXjUF:RXmtLEq7jjoi8lvZk1bVX
Threatray 20 similar samples on MalwareBazaar
TLSH T1DE84CF13F2E07DE0F59A4A728E6EDEE47AEFF5110D15E75A12D84A5F28F01A1C263306
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 011adec486929290 (1 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
193.233.20.28:4125

Intelligence

File Origin
# of uploads :
1
# of downloads :
225
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
e698bb5976d0cb81dfa0dc89a95a825a.exe
Verdict:
Malicious activity
Analysis date:
2023-03-09 10:08:25 UTC
Tags:
rat redline
Link:
https://app.any.run/tasks/0c6c4f95-f4cf-426c-9374-3cb490ff8466

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/372949/
Detection(s):
Sanesecurity.Malware.28986.BadIN.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28988.BadIN.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28876.BadIN.UNOFFICIAL
Create hunting rule

Win.Packer.pkr_ce1a-9980177-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Reading critical registry keys
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Stealing user critical data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
azorult babar greyware lockbit
Link:
https://www.filescan.io/uploads/6409af8b23801f596354a821/reports/627d5768-ee1f-432f-879e-44d46d3341ea/overview
Verdict:
Malicious
Labled as:
Ransom.EDBBA292
Link:
https://www.hybrid-analysis.com/sample/372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/00a24bbe-eebc-4e24-8e77-97aaafb8e4c3
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1190216
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61/
Threat name:
Win32.Trojan.SmokeLoader
Create hunting rule
Status:
Malicious
First seen:
2023-03-09 10:11:06 UTC
File Type:
PE (Exe)
Extracted files:
33
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g4w3drdmkfji3wq6fzvyu6ewudzxj324vjw7lmehp6obrvkk55qq._file
Verdict:
malicious
Similar samples:
1a05e9fcc4a4f16f3dff7e6447847604eeb050fb0f5eb96aeddfdc2069165f46
RedLineStealer
61dcedfb38453427170d426c396e9bc5080ee63088b8892a7cd5621b141d6b69
RedLineStealer
66f558d704f16300999826f2c369d2710da5b12d4b7b4199e3af92b21c8e09bf
RedLineStealer
6e4851ea613a84b0f163d5f0ce7300d57283a2a734aa7ca002c4c9bb87d4f392
RedLineStealer
85d93c02c3dbe76faa87f61da66053378c117828747bdd9c24d77e09854df54f
RedLineStealer
ade76c27d8fcf82e28efe778f9e848f6da9ecd4bb2129bb59278d78b69523ad2
RedLineStealer
aff53afbb407c1e40a0ba6585f686576edd4a13540f9d416bf152f94476588c5
RedLineStealer
bbaadb0917566495a400596ca4d3b3803aa7f6f49f82071a4f146c831da9794a
RedLineStealer
ca2e28ee7e793e7748701bb3875d0e11fe24a1aacb9b3cdc1865c890423f51ae
RedLineStealer
cd3bde9a06c3e79fb85e88a38d93c654f0d8941108581fa7b2b883a04bc9e0b0
RedLineStealer
+ 10 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:mango discovery infostealer spyware stealer
Link:
https://tria.ge/reports/230309-l43pgaag3y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine payload
Malware Config
C2 Extraction:
193.233.20.28:4125
Unpacked files
SH256 hash:
c2300a9d90f2cdbe6538a2f96ffc482596ea493b3f2fbd9e107c3801f78a441f
MD5 hash:
1683f2c06f3e5f502ef6be243d3dd0eb
SHA1 hash:
d154adc9e45ebbde89a40a6da5d78ae91a9a1d27
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/2db839e4-e665-4242-93f7-28fc214477fc/
Parent samples :
1a05e9fcc4a4f16f3dff7e6447847604eeb050fb0f5eb96aeddfdc2069165f46
6e4851ea613a84b0f163d5f0ce7300d57283a2a734aa7ca002c4c9bb87d4f392
61dcedfb38453427170d426c396e9bc5080ee63088b8892a7cd5621b141d6b69
ca2e28ee7e793e7748701bb3875d0e11fe24a1aacb9b3cdc1865c890423f51ae
bbaadb0917566495a400596ca4d3b3803aa7f6f49f82071a4f146c831da9794a
ade76c27d8fcf82e28efe778f9e848f6da9ecd4bb2129bb59278d78b69523ad2
0afb28c467b02cc9b91cbd45a6b0eee38a4c0c93c11efe7e892e9ae8a0f250a4
8152ede7f665910747fd8c2c3384e2b721f922c8b6e758882959355c2c7b9872
d5388c7c2b3d1d1f78bf05fa921d08da77dbd95bda870dd6586ef454f1baf057
98a69344fc7f63f8839f1cda32b8a57400d871ea0e618454ed4e4d9a2f001e4c
cd3bde9a06c3e79fb85e88a38d93c654f0d8941108581fa7b2b883a04bc9e0b0
8e9c17eef3b9aea25037691c41032485a6bc4b768861ac8da022ae30c76a494a
11fabd86822c10caf14f9e189d3071ea1355dd996e437eac8eef01a0e419302c
d23466023b353a7a281d06ef51d8c913c98a4f11d7a15e7a3cffd1b6d8f48fe0
cf461b4800e075e7587a844bbbab6b4b9ee987c73062b30a4d9734b736d96f59
31bb7b8c3a3b5215810473d482b95062d79452fb584f292646fea7e095819b55
011a59f49d5d2c8965bad3829cf84a924b6611e67cf7f3d31bb2031ca61ed9af
85d93c02c3dbe76faa87f61da66053378c117828747bdd9c24d77e09854df54f
66f558d704f16300999826f2c369d2710da5b12d4b7b4199e3af92b21c8e09bf
aff53afbb407c1e40a0ba6585f686576edd4a13540f9d416bf152f94476588c5
372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61
30b3952bd4f49fb1c1643e29c05af36d39ed26896c0011b48bdd16a5674cf362
ba066a534c66605e9c5c069d3ddff5ea0bfacd67b30ab980835ec5397a1c1829
13eb015e11f81acae8a3308ae8b60bfaf20f686cbbf3340ceb301724c2d5a0da
20a3ba4625887b29e3f6c24b0060ec26210b1b06449195a8592d231bd6bc48c0
718eb1a15f1b7aa9d13d1beb659c5205502fa8b150be3c87406e1083c1821afb
b2ef7c14625c83d1a129dff9ac557ee00938a942113e6d20815f1deca524cc38
31ed8c53ecb163ce6a01cc77670e6a5aab0f05793a020a5ce5b59022338807f6
59c5d1288d3fd68e886cdc085a55440c0dba08b091a784c1a7088ce2e2a805d8
64eacae11204f3f20d178939ea1af6c11d3ac186d68986563da230f6b2446578
ef96a3fe225f3fdc4fc2d1e6fa3a611be0f792fc7ff73e4db25dafb62c4d73c1
4e636412e15924c8cfaa51be169e3a49aa243299866854801765a79250252b33
80849414d4367892b38e6096b9ef591d97f59fd3ce77db07522b8e65dba78d14
460011bd0c072c7ad0ca87dac192236b6e070b4529fadfc55e0f31d394e4b3c9
182017f20b1e98d012a686b05abf67ff67ebee4bb3a5de31ac03bebec86cf75c
c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1
bb6194e6395a6eeecb4a871737573985cf5f08e674e81b7de675feb4dcffc2f8
a22494937a543c7e26c6b8eb20ee1f155ecdf305abebb32f78f060509140c08c
6ccc596a5bd8efbd2bf410c62f7c0c78fb7d60bc4da499a904ccfd1934dd5759
ccafa2b7567178b3ae1e92d5fd072564ee9010530f8b6cd321f9b0378a74105e
f5e1380410aa2eb6f6759ee151bab63c06af6e9185651d6e7be6f1ea8c626698
e4f99fd8c2242bdbdba461c6950de77005233ec449c439b04266571c18688803
06a67f112f847ef6fcdb8e81cff1a151f3a3ce4f08d12d57c9bb401be59f514d
f08b55a84e25e0378ecc6a460846c42930827d2696d3fcff5bc58372b90eaef7
b4279470c83decb519a16c1acd6fb668d32f011cd30b17805929d003ef6a4702
625ddb1724889de118ed1eae88e4c342d4d38e5b135ed1b097f5555042f0e9ea
8fde6dee762aa6429de83032a35bd9e347e55940dd21d6be60bfb411a47c2d3d
fba56d30b9434f11bb2be6dc0f8ccf80429850e49bf6e9128ba480ba0f0af64b
a2fd623129163eff2b6858ccf140ed3928357904c06c72d8d12f8dc8203b7505
5a3a7b57b192504ca051d8132e5a78d71731eea9cdbc7074fc010902b139629c
3930cbec1ffbf616a153597f388a58e8053f0f4dc1140984abe38b2060f3cade
86992f5c3c6be5869c2bb301aa219063c713c700eadd0f443434e73bcc55c2b9
74b87392947a04367bc0b4bdd9e815ed747304d01abf441fc7250b3e97c96264
9007222abed438a3bc49eb31184f7dbb80d59ff0b3bf9f7191fdb999e8bc76de
b4d196df0ebcd2fb930538f209e153759a8153e5ebe76c54c48a6b6407874744
260d3fc673221ba9db5773c91b1b8b22a01c050c38f602ca88ca924bcec9f512
1444fd62eafb534ddc3b732e9f07133b38c2aa86dcb3f52715daea7ca2d75388
cc7a4c5d3862dc17603f1eae225f7775b0ce638b36692734e7a0e182242d8342
27785e90fb9d12b109e90eab29e6df9a21026aa38cfac8534d36335fc7bbd39c
53870216d1ccfcfcc72ccc55b562ad0c2488a17fb1d3601dd2123a2be5ff344c
7eaadc9b9e997442376ddbb330aa04e68c3003634883c78dfac7942d7d820bc3
cf59e2990302dda99e63ab97d3474062cbcadcdeb0a546eca781f138220c9f5f
3cfa52f66565386848b3057671472f0151848977c770b2577f7cb8bac4f65cb3
bb0f591964a0be1589588085c2f6bb3c2a64a804a6d85d5dc0ff8696ef554ffc
47d421a393d86ffd285489a3c0bf823052e907eb89c7a6ddf9ba03779b960945
6a1dcc26ea51cb822a0c4f71682c4fc9a1605c2c7fdf711cdc8ffe77f77aeec6
3a90e1ec31f3e0cdee1e87e7ad6e7e32ef238b9794580c3bbe76e9a6d0f0aa0d
fece2399da019ae009324ff78371c168dd6a09e9e86556b8d10496135f5ef082
4e552a5509c2d07e5b1fca579f3588297515855a65efc09a8b454cc66874a1fd
1c61ca7dcb7fb936889a3a1404e23c3ce507b0394e68896224e0ecd67f906956
7f5bc567c9bb814ce2c53cc4d5ddfe2c88d54aa482fcb328f02baba07a3991ff
0a80b539c3544cea4be2be916a2c1c86390264d941ba873eb43f90eba682f782
31470a4770f337c4a470209760b92cfbc065e2850ff9cddfd1d5c972922edc8d
7cbb8136db04df3cbdad3b36d0b83896aca5822c7e8695ba580799534c7fbf0d
afe24a0eff34830714bf290b21f7291fc7000c57b9588ebc5ccb2d069ef0b2d6
3c1769ad786efc178640a7f744e02f048707c72b27d781531f64dd16e1822e9e
09b098f27500ac1e91b8ed2ea0e4d1d844cdbbd23f5b00bc97b3d555a570c3c1
bc4b6c56271d4f0fb76b61ef50ee8ca523d31a4495026dfe88a6d64ab201f0cb
2f2348283dd346326645ae7f303c7d3b59681d0984fda5e7b9fd7e1bbc3a082e
SH256 hash:
9f012522b8c72e94921cfb786158b8fd62df7bd5ed046034cfdfc312476480fe
MD5 hash:
7e9b968187ef15ebf73de6e06fa6ce6c
SHA1 hash:
892c7134153d632ce06409ebe658d5c13bcf4c65
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/2db839e4-e665-4242-93f7-28fc214477fc/
Parent samples :
ca2e28ee7e793e7748701bb3875d0e11fe24a1aacb9b3cdc1865c890423f51ae
ade76c27d8fcf82e28efe778f9e848f6da9ecd4bb2129bb59278d78b69523ad2
8152ede7f665910747fd8c2c3384e2b721f922c8b6e758882959355c2c7b9872
cd3bde9a06c3e79fb85e88a38d93c654f0d8941108581fa7b2b883a04bc9e0b0
8e9c17eef3b9aea25037691c41032485a6bc4b768861ac8da022ae30c76a494a
11fabd86822c10caf14f9e189d3071ea1355dd996e437eac8eef01a0e419302c
d23466023b353a7a281d06ef51d8c913c98a4f11d7a15e7a3cffd1b6d8f48fe0
cf461b4800e075e7587a844bbbab6b4b9ee987c73062b30a4d9734b736d96f59
011a59f49d5d2c8965bad3829cf84a924b6611e67cf7f3d31bb2031ca61ed9af
85d93c02c3dbe76faa87f61da66053378c117828747bdd9c24d77e09854df54f
aff53afbb407c1e40a0ba6585f686576edd4a13540f9d416bf152f94476588c5
372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61
e41c229e0867cbb568885688a2fd451dbf5d6aba9716a88eee8ca3d121f864a0
ba066a534c66605e9c5c069d3ddff5ea0bfacd67b30ab980835ec5397a1c1829
718eb1a15f1b7aa9d13d1beb659c5205502fa8b150be3c87406e1083c1821afb
b2ef7c14625c83d1a129dff9ac557ee00938a942113e6d20815f1deca524cc38
64eacae11204f3f20d178939ea1af6c11d3ac186d68986563da230f6b2446578
80849414d4367892b38e6096b9ef591d97f59fd3ce77db07522b8e65dba78d14
c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1
d8ca145af54e7bcb192a6dfa2fa33fb4768e4addef33006cd9db07e904d47797
6ccc596a5bd8efbd2bf410c62f7c0c78fb7d60bc4da499a904ccfd1934dd5759
c1ede55045cab2fb4bd5795107bdd7b4676b2e6fb84beb96ed9f7f19087ea16e
e4f99fd8c2242bdbdba461c6950de77005233ec449c439b04266571c18688803
f08b55a84e25e0378ecc6a460846c42930827d2696d3fcff5bc58372b90eaef7
b4279470c83decb519a16c1acd6fb668d32f011cd30b17805929d003ef6a4702
2677c774f242077b7e9e993e319868da1b4f866d26ce6f3b372f9ce22aab9c32
354f8738a5b40b727a5444e967a8fee5b5b3a7bae28a3220da8a4128ec76967c
137adb7446c05bf3afa76713abd03152687a2f0152bce703323957cf643ff609
a2fd623129163eff2b6858ccf140ed3928357904c06c72d8d12f8dc8203b7505
940bcb282eb2e2ac6879970db04bc1e905a55c0d7501c0854b387707d4126ffb
2f7c46cbe80b9322afc3726904acd5cd41da00ba4db137a0a2f3514d9637f8a5
e603afeaa64ed35891efdc7491d261a7fa08e55c1b7b72beec66d6de10db9728
8858454db0f0b8ceba934276cbe76f5bdae1814cffe3db3d7d95463f72bb9155
337992efecb0d42f7870b45e4fa5dfd20363e2d5bd14f8652bfe468493003e45
74b87392947a04367bc0b4bdd9e815ed747304d01abf441fc7250b3e97c96264
c92f9391efa6bbd3697ac59ee8837e9ded146312114c1166938f0d615f404a16
a0838c7ac117ab7353907da659691c2958f00924a3c02ccf83ae201c53d6c16b
cc7a4c5d3862dc17603f1eae225f7775b0ce638b36692734e7a0e182242d8342
27785e90fb9d12b109e90eab29e6df9a21026aa38cfac8534d36335fc7bbd39c
2334d95f98cf6832b2f2366baf5c91cb5794f46521e6295b4c25660b67d1d0f0
ece35da17dec46f8d96e6a9b77f9589666676966c688ff71dfcd8163cf860212
bb0f591964a0be1589588085c2f6bb3c2a64a804a6d85d5dc0ff8696ef554ffc
47d421a393d86ffd285489a3c0bf823052e907eb89c7a6ddf9ba03779b960945
a40f907c04b2e1244e62a9bdc0255bf6bcd78baacc864315441c2fc89c269e77
bde0941c310a6de29c1b00fdab967efda8f7565a09e88d16c28012f344fbf7ce
6a1dcc26ea51cb822a0c4f71682c4fc9a1605c2c7fdf711cdc8ffe77f77aeec6
3cb52d16adb341e6d6e032f37c806cc5ce36e5a82e2f909652303f22f0224c2a
22366b7576c136a689d93ce8a26f91db9af961240479dcd5a97fca274c297fb4
fb54d1271121a6797d126e9c9301cc7705bac0a1403163ced20a8914b3cc8bb8
c49c03e77064afb17321161be82eb471b52e872bdb0e1d93489e353a68182e5e
85e7a7f1c32e5d4d270c59b9dd23175e06a3fa8a001c3e56704f511a859c032e
25d21e4fc131a2fc482ad5257402e435f9679e6037797884e5d1ab13a8890d0a
1c61ca7dcb7fb936889a3a1404e23c3ce507b0394e68896224e0ecd67f906956
7f5bc567c9bb814ce2c53cc4d5ddfe2c88d54aa482fcb328f02baba07a3991ff
31470a4770f337c4a470209760b92cfbc065e2850ff9cddfd1d5c972922edc8d
c7f0fa38597897f4189ada17388885d6647ea70e2dfc7a1640f12ffcbde4296c
110fa1a801402e53adb9b534a9494bfb1be063e96f5a37f227d330a43c04e3fd
09b098f27500ac1e91b8ed2ea0e4d1d844cdbbd23f5b00bc97b3d555a570c3c1
ce5e75077840abb3d32d35eb8889f85e9aa2833c59288db001a0eac27dc07049
SH256 hash:
80ab837385a18dee308ca63438e8e8fe558c132492a29b6cf1fa631d2aa323a1
MD5 hash:
0306584913ea55f3b5f06c09003e23af
SHA1 hash:
3b8e2bf425cfb423cea25c10c9813ee082c43bbd
Link:
https://www.unpac.me/results/2db839e4-e665-4242-93f7-28fc214477fc/
SH256 hash:
372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61
MD5 hash:
e698bb5976d0cb81dfa0dc89a95a825a
SHA1 hash:
b218cc48fbea36f3c991659c858cb768a539e264
Link:
https://www.unpac.me/results/2db839e4-e665-4242-93f7-28fc214477fc/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/372db1c46c51/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:Windows_Trojan_Smokeloader_3687686f
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 372db1c46c51528dda1e2e6b8a7896a0f374ef5caa6df5b0877f9c18d54aef61

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2562862/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/372949/

Comments