MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a6c6ec5b5e168e0452009714a8d37581459b8d386c26ef69c98a6802d5e65d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a6c6ec5b5e168e0452009714a8d37581459b8d386c26ef69c98a6802d5e65d6
SHA3-384 hash: 7d46c89d369cb7d97e5e80c361a1f2ffd1b899607ee36bb588589ea73add9f698cd4373d739c9b0c1ae3a1f49b18f0e7
SHA1 hash: 4504807170c1dca310b1f10253186fd3e4664130
MD5 hash: fcc5aaee3cd020a1be8eec599ad48a06
humanhash: carolina-quebec-wyoming-twelve
File name:SecuriteInfo.com.Trojan.GenericKD.37253424.5461.14545
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:650'752 bytes
First seen:2021-07-18 15:45:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:Jo/HKC+5BO6VEzN1AAxhsibHeSfWld1ShehN/8gL73Sv:JIHKCU6zNfxh5bpfWljSIhN/8gPCv
Threatray 866 similar samples on MalwareBazaar
TLSH T1DDD46B05FAC09959E55AD536C38B041BC7B4B87136A3E323B8B932A94D1DF52A80DCF7
Reporter SecuriteInfoCom
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
60f41f_Avanset-VCE-Exa.zip
Verdict:
Malicious activity
Analysis date:
2021-07-18 12:34:50 UTC
Tags:
evasion trojan loader stealer vidar rat redline phishing amadey keylogger agenttesla raccoon danabot
Link:
https://app.any.run/tasks/34527546-5424-4ad3-b953-2b0543c1b371

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172425/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37253424.5461.14545.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fdfc9322-8ef1-4629-9d69-386d2b10791b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/817939
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3a6c6ec5b5e168e0452009714a8d37581459b8d386c26ef69c98a6802d5e65d6/
Threat name:
ByteCode-MSIL.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2021-07-17 20:46:43 UTC
File Type:
PE (.Net Exe)
Extracted files:
29
AV detection:
20 of 46 (43.48%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
06c8996db7925f8eba3f2e8c64b7b80a5d7a896733c9bd479336ed0cd13d19df
RedLineStealer
102af82a3e7b2d394bac5a80c4f97cdafe9be52bca002e1d824c810c8a760794
RedLineStealer
61cc2e2bee105d20d5550eb96a5e755407e284c6f1bea03e60f5b23896f59a87
RedLineStealer
83836ff69fc304d684edf3d394d45f0d2a8755a4de2d0fd6b06261ffe9336ed7
RedLineStealer
9169cc1093e14262e9d08db10152ee815f88ed87d12bc7b934c3645d23f347ea
RedLineStealer
97c558bcbdaf21258e91098900d19e1ba944379a779a6a7c57aec46ea3de5438
RedLineStealer
a01cd6294d3b5bdf73771b113493d8a5c2df3f105db7d084b0729345a32a4453
RedLineStealer
c8f9155cc97bde13afcdba0abd2264f8a91c73c39a8cfb4f8559a8276237e708
RedLineStealer
cf1a8304da78b6286a412d33ef3e0390949eb83e5b08ad63c006ed578d5d4c95
RedLineStealer
e6df8346cb599d0947c86555aeb55d98dc665448222e383f2384789e78d9e3e6
RedLineStealer
+ 856 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210718-kmkaz9ks2x/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
ed78c0215770a1d81e93e816f12d24da66c4e2ebb92ad6a6797835b656b23a84
MD5 hash:
ab80556c0336ef0b9ad8e2acbe7be1ed
SHA1 hash:
25bec7d68c442f214a6f776e1bc8f271ae4b9778
Link:
https://www.unpac.me/results/48187cb6-e030-453b-8e42-952f62cfba9d/
SH256 hash:
fe3bc175c4c1615a86d28669fb093a0cf8e7e5d1f339c4e7b968afd7b834e1a9
MD5 hash:
dd063a58042ca8edeec073edf7244d48
SHA1 hash:
796a0e94b6199784edde1a4c7ce042cd97115e9a
Link:
https://www.unpac.me/results/48187cb6-e030-453b-8e42-952f62cfba9d/
SH256 hash:
e6bfe9099cec088cc4903c9e22238aef2ed5b55a890d6417c6413f5272fa3327
MD5 hash:
59baab137837558dc24bc0fbe9d8e52a
SHA1 hash:
cc3f47f9174547dc2d6a31b7f8ac0573491eb74f
Link:
https://www.unpac.me/results/48187cb6-e030-453b-8e42-952f62cfba9d/
SH256 hash:
60c2eaa1a27fab2b7f1a2b8c65495669307a6840fa9e2a7dc7ea2684390683a0
MD5 hash:
5ca6b863d46baddce8384457a940904d
SHA1 hash:
f9ad51169b0fcf8e5951b7d2377bf4e622fde763
Link:
https://www.unpac.me/results/48187cb6-e030-453b-8e42-952f62cfba9d/
SH256 hash:
3a6c6ec5b5e168e0452009714a8d37581459b8d386c26ef69c98a6802d5e65d6
MD5 hash:
fcc5aaee3cd020a1be8eec599ad48a06
SHA1 hash:
4504807170c1dca310b1f10253186fd3e4664130
Link:
https://www.unpac.me/results/48187cb6-e030-453b-8e42-952f62cfba9d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.79
Link:
https://yomi.yoroi.company/submissions/3a6c6ec5b5e168e0452009714a8d37581459b8d386c26ef69c98a6802d5e65d6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 3a6c6ec5b5e168e0452009714a8d37581459b8d386c26ef69c98a6802d5e65d6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1463744/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/172425/

Comments