MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3eeb8bb0905f658479a40650e25286aa0d99d249280443482597edbaf47d7678. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3eeb8bb0905f658479a40650e25286aa0d99d249280443482597edbaf47d7678
SHA3-384 hash: 40e15a39c16ec9ad198b95721529370afcacfa4a31e9d8b6de91ace09e8cb68a2a4e2356d5fa8815f584fc7e48f916ac
SHA1 hash: 5ace2ebb63e05edfebda61bb6a9429e23de17e1a
MD5 hash: 123e3a0d23d0e19c76f0b7067ae2add3
humanhash: saturn-blossom-cola-illinois
File name:123e3a0d23d0e19c76f0b7067ae2add3.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:399'872 bytes
First seen:2022-01-24 07:01:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2ea46fd288209af535efaef075889460 (2 x RedLineStealer, 1 x GrandaMisha, 1 x Smoke Loader)
ssdeep 6144:myLIIYdV60gU5bzs7frvS0/aMDOG4zSgnoYPkfN:my8IGVFz5bMO4aMDOvSSoTN
Threatray 5'746 similar samples on MalwareBazaar
TLSH T1678401217690C477C48612B4692A8FF11E7DBB300DA4458732E51B6EAF313D16AA3F6F
File icon (PE):PE icon
dhash icon fcf8b4b4b494d9c1 (17 x Smoke Loader, 8 x RedLineStealer, 6 x Amadey)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/221832/
Detection(s):
Win.Malware.Mikey-9917879-0
Create hunting rule

Win.Packed.Lockbit-9919158-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/61ee4ef00f8c757253e0f0bf/reports/7d2fc3b3-59f9-4c37-b37d-b2ad8337ea46/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c189be01-bf38-4de0-b1fb-3963ba2a8f23
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/926069
Signature
Antivirus detection for URL or domain
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3eeb8bb0905f658479a40650e25286aa0d99d249280443482597edbaf47d7678/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2022-01-24 06:05:00 UTC
File Type:
PE (Exe)
Extracted files:
29
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h3vyxmeql5syi6neazioeuugvigztusjfacegsbfs7w3v5d5oz4a._file
Verdict:
malicious
Similar samples:
1e061432a06c9e4935cd837118e5d68d79ec6c6bbdddcc40d8682e50db7344fa
RedLineStealer
24d0c7fc16543210f15df3cac94b24d5454b30249a48d91056eb52b111978616
RedLineStealer
5e1626ac3140548619efba38a154b98234080908158378ad2e7e4af9e92cfbb8
RedLineStealer
9d2802ae1bc562601d8ca7ed750d4a14b33109c92c1f7458aea34fb5330942d3
RedLineStealer
bfbb5f477e58c173f83ab157415782b680694c9ba43d20bef89dda58bc840c06
RedLineStealer
d6f82559be32a5739fd1c6a1eade697c8d90c331ec31cc7690dd2fdb4e70ab74
RedLineStealer
+ 5'736 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:sewpalpadin infostealer
Link:
https://tria.ge/reports/220124-htsvqsdfcq/
Behaviour
Suspicious use of AdjustPrivilegeToken
RedLine
RedLine Payload
Malware Config
C2 Extraction:
185.215.113.29:26828
Unpacked files
SH256 hash:
c168005ed99a1ad9e1b58da3a66daa2a4a4ffe08dde1d994dc62356749fb65e1
MD5 hash:
ce8ca6f9d8b989183690e7a6cf124f33
SHA1 hash:
c5d3aa4389375841dac60cfbc486a075af52631e
Link:
https://www.unpac.me/results/5ef01ac2-bc44-4eba-afc0-c064d8ee8847/
SH256 hash:
d32f8e57191a72fc39c5db3ce6ba69d6bd3cfc56e81212807155cefa1f4a0d3a
MD5 hash:
b364f620818d47f1e0bfce918167da8e
SHA1 hash:
4b6bed4ea0100a037445636311bccc3482ec0f90
Link:
https://www.unpac.me/results/5ef01ac2-bc44-4eba-afc0-c064d8ee8847/
SH256 hash:
5e045820d88c6fb22de1cb1f85898b9c891f62e8a9bf55e39ac1f085f715cbc9
MD5 hash:
e6ce754be7fc44c782f55a857b45f035
SHA1 hash:
13c3c4c8401a46af5cdd0f3cab18908fde281afb
Link:
https://www.unpac.me/results/5ef01ac2-bc44-4eba-afc0-c064d8ee8847/
SH256 hash:
3eeb8bb0905f658479a40650e25286aa0d99d249280443482597edbaf47d7678
MD5 hash:
123e3a0d23d0e19c76f0b7067ae2add3
SHA1 hash:
5ace2ebb63e05edfebda61bb6a9429e23de17e1a
Link:
https://www.unpac.me/results/5ef01ac2-bc44-4eba-afc0-c064d8ee8847/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3eeb8bb0905f658479a40650e25286aa0d99d249280443482597edbaf47d7678

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 3eeb8bb0905f658479a40650e25286aa0d99d249280443482597edbaf47d7678

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1850153/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/221832/

Comments