MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4324d30a2941dae5e598e92fb88724aca1df89a6d65f383afda113714673e53f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 14

Intelligence 14 IOCs YARA File information Comments

SHA256 hash:	4324d30a2941dae5e598e92fb88724aca1df89a6d65f383afda113714673e53f
SHA3-384 hash:	61e5650eeffcfbc2ff12c5e0b7e834d8e399b896ba2a4c204b9b76d9440da90f138f2a894a34d3c489919d4d545f79e6
SHA1 hash:	a4d919c685d402973859d54a2946989f1dad331a
MD5 hash:	7cdf4dcd1fa4323d211d76efdd5dfe59
humanhash:	utah-aspen-ten-speaker
File name:	7cdf4dcd1fa4323d211d76efdd5dfe59.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	393'216 bytes
First seen:	2023-12-15 18:19:46 UTC
Last seen:	2023-12-15 20:18:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b6b92d8e0e28f085bdd63ff205929f6e (1 x RedLineStealer)
ssdeep	6144:OV6vcmjBAhgF/nNouldAO0ggc+77KznVKEHwRsHlb:Fvcm9Nqi4EFHx
Threatray	114 similar samples on MalwareBazaar
TLSH	T11C84AE04B3F24071C5A2273209E88B755A2FEC64B7F05D9B5B844F6E4B122AFE3B15B5
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

2

# of downloads :

274

Origin country :

NL

Vendor Threat Intelligence

Malware family:

smoke

ID:

1

File name:

20b45006d95c15c4f0cab113b928202f.exe

Verdict:

Malicious activity

Analysis date:

2023-12-15 06:11:16 UTC

Tags:

risepro stealer evasion loader smoke smokeloader lumma redline stealc

Link:

https://app.any.run/tasks/3c3fa926-750d-4e30-a2b5-348785012bad

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467683/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Siggen3.34781.22626.20304.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Gathering data

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

control lolbin stealer

Link:

https://www.filescan.io/uploads/657c98d8d48681e0d661d4f3/reports/bcb60f2d-e4eb-486b-9d3f-e4267e4841fb/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/4324d30a2941dae5e598e92fb88724aca1df89a6d65f383afda113714673e53f

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

RedLine Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/11fede2b-4617-457b-a099-870d574d3ba3

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1362901

Signature

.NET source code contains very large array initializations

C2 URLs / IPs found in malware configuration

Found malware configuration

Machine Learning detection for sample

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/4324d30a2941dae5e598e92fb88724aca1df89a6d65f383afda113714673e53f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4324d30a2941dae5e598e92fb88724aca1df89a6d65f383afda113714673e53f/

Threat name:

Win32.Trojan.Smokeloader

Status:

Malicious

First seen:

2023-12-15 06:12:13 UTC

File Type:

PE (Exe)

AV detection:

22 of 37 (59.46%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=imsngcrjihnolzmy5ex3rbzevsq57cng2zptqox5uejxcrtt4u7q._file

Verdict:

malicious

Similar samples:

01b29eff3523ae2d4e8598e07d377e711e82a6ffb014ca3f070ff3dc0982e20a

71f6b3298f2cfce43078dda3cc68838bc926275d278ca8c116da27e9467a0ba2

94abe0de06a856e4e5088eb13028648466bbcfe2ba9edd40cda8912fe7d86e83

b102410e9081cfbd826fad8e2ece21cf24f75dcc7ba329129660528d5b2eda91

c9491f5eb282daf6b536f515cc9e1032af62919e727442c4e7ecbca2e9d8f8b0

+ 104 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/231215-wyrp5aaaf6/

Unpacked files

SH256 hash:

4324d30a2941dae5e598e92fb88724aca1df89a6d65f383afda113714673e53f

MD5 hash:

7cdf4dcd1fa4323d211d76efdd5dfe59

SHA1 hash:

a4d919c685d402973859d54a2946989f1dad331a

Link:

https://www.unpac.me/results/e81a2339-ddd7-42a2-a2b7-0f3885b63d3d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4324d30a2941dae5e598e92fb88724aca1df89a6d65f383afda113714673e53f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/467683/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample