MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41d2f9ef245a688081894e9983a5094d9beb6d84bda7d057ecc15a247aea6a06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	41d2f9ef245a688081894e9983a5094d9beb6d84bda7d057ecc15a247aea6a06
SHA3-384 hash:	cdf1c81052160b83864ab0146c668a3ad8efa8d30ec69040bfd2720dd9370a1b8149d339eb613c5f65a2deeba73dced4
SHA1 hash:	c53e527afdaf254b01cbd777a9fdcbb662b2be85
MD5 hash:	e0632c73f8a2b0687f357fa424e9dbb1
humanhash:	beer-rugby-alpha-pip
File name:	e0632c73f8a2b0687f357fa424e9dbb1.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	588'288 bytes
First seen:	2020-06-28 07:20:09 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	48a1546617037550627340747d2c151e (4 x RedLineStealer)
ssdeep	12288:/SLX54sz4aBGJKFOrzgSfckbQGLDLnRrZ13AQn4EjIh8G:/2534aBGJKFbiz8GLdZ1QQn4/8G
Threatray	38 similar samples on MalwareBazaar
TLSH	A2C412227285D035D1E32171D422EA621775B8B1577191CB3B97272FAF702A0AF73B36
Reporter	abuse_ch
Tags:	exe RedLineStealer

abuse_ch

RedLineStealer payload URL:
http://greenpalace.top/brazi/testoviyjuki.exe

RedLineStealer C2:
http://195.161.114.33/IRemotePanel

Intelligence

File Origin

# of uploads :

1

# of downloads :

91

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/15147/

Detection(s):

SecuriteInfo.com.Malware.PDB-11.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a window

Sending a custom TCP request

Creating a file in the %AppData% subdirectories

Sending an HTTP GET request to an infection source

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/41d2f9ef245a688081894e9983a5094d9beb6d84bda7d057ecc15a247aea6a06/

Threat name:

Win32.Trojan.CryptInject

Status:

Malicious

First seen:

2020-06-28 00:38:24 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ihjpt3zeljuibamjj2myhjijjwn6w3mexwt5av7myfnci6xknida._file

Verdict:

suspicious

Similar samples:

0fc6717ef7ff0ae8d2a2add4303127af4693cfa5abb81a5a3a3e06b079051b8e

1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511

358178b74d9ff1457dab5015e5d10aa18a3b95d50a5a821568886672dfde97f3

3cdd5ac1f77cc8ff3004c12ab7509caa9a451594768de26fee42ab76c609c239

44ccaaf3cc76edd1e184d8c65b13db79638fcbf8ed37b5883c34a1a8a7700901

5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7

6c90f16a6932be921cbb44b9e4531cf36e5ded6d5dd0016c4309a56ab8a96461

8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2

ba244c534e6a0eedb496e840881c5401c3640fc317b601da17ca84570e1e181a

f2f2725fc1a43dbacb8fcbf59fe0500f0ef9d9f7f8d6a6a0745b800f006e7a39

+ 28 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

evasion spyware trojan

Link:

https://tria.ge/reports/200628-zacf1cvvhs/

Behaviour

Checks processor information in registry

Legitimate hosting services abused for malware hosting/C2

Modifies system certificate store

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

URLhaus

https://urlhaus.abuse.ch/url/401438/

Cape

Cape

https://www.capesandbox.com/analysis/15147/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample