MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 380e2a5c9efcce0864768f25485e223641d0fda3ee1ab1d2263cdf83efe8cc9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	380e2a5c9efcce0864768f25485e223641d0fda3ee1ab1d2263cdf83efe8cc9b
SHA3-384 hash:	f83962214c429647caa5b70a57ae8837ab478c5ae9afa15b7e4b75690ad4200f0db45e799a84cf94f61f470087f08e1a
SHA1 hash:	463d1de42d09636afc81b989ebf93d53988d86e7
MD5 hash:	bc254c5fd6fc05ccc7f9386418259313
humanhash:	two-robert-hamper-black
File name:	655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb.zip
Download:	download sample
Signature	RedLineStealer Alert Create hunting rule
File size:	88'923 bytes
First seen:	2023-01-12 08:47:53 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
Note:	This file is a password protected archive. The password is: infected
ssdeep	1536:zP224wMQEFK26daCKUtZjOBYluT5gDXjW+oqXD+rsJq5c8D08oDp8:zh4ZK26IUuC7jWu+rrvUDu
TLSH	T1E19302F4E39670429A58822B65F8DCC4D2B87D3D02702568BEB0DDF104BC4B59C6A9C9
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	prim4th
Tags:	exe RedLineStealer zip

prim4th

Exe-dropper extracted from original 6e1c4a1708e8e2ee40e95fb5fde40aed9ede85f5c04021b4b293ae44ef976dac

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

183

Origin country :

UZ

File Archive Information

This file is a password protected archive. The password is: infected

This file archive contains 2 file(s), sorted by their relevance:

Relevant files 2

File name:	32512
File size:	20 bytes
SHA256 hash:	cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
MD5 hash:	38388dda6548693f4d42f2241a4218d7
MIME type:	application/octet-stream
Signature	RedLineStealer

File name:	655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb
File size:	254'976 bytes
SHA256 hash:	655e3903f52425e357d27eac6c824b17e569508249e37d718d16372802c124bb
MD5 hash:	e502b38fa2d86b5aa65341eeccf418ce
MIME type:	application/x-dosexec
Signature	RedLineStealer

Vendor Threat Intelligence

DocGuard Unknown

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/380e2a5c9efcce0864768f25485e223641d0fda3ee1ab1d2263cdf83efe8cc9b/results/dashboard

FileScan.IO No Threat

Verdict:

No Threat

Threat level:

  2/10

Confidence:

100%

Tags:

packed stealer

Link:

https://www.filescan.io/uploads/63bfc9435b0ac9b61b511123/reports/a35a1d3b-c6cb-42f2-a76a-71b49fb3f900/overview

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/380e2a5c9efcce0864768f25485e223641d0fda3ee1ab1d2263cdf83efe8cc9b

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/380e2a5c9efcce0864768f25485e223641d0fda3ee1ab1d2263cdf83efe8cc9b/

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hahcuxe67thaqzdwr4suqxrcgza5b7nd5ynldurghtpyh37izsnq._file

Hatching Triage redline

Result

Malware family:

redline

Alert

Create hunting rule

Score:

  10/10

Tags:

family:redline botnet:debra infostealer

Link:

https://tria.ge/reports/230112-laq4ksbd5z/

Behaviour

Suspicious use of AdjustPrivilegeToken

RedLine

RedLine payload

Malware Config

C2 Extraction:

62.204.41.211:4065

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Redline

Threat name:

Redline

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/380e2a5c9efcce0864768f25485e223641d0fda3ee1ab1d2263cdf83efe8cc9b