MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 458d776a78396a0b2a3a7f2a66304e5ceb05038b50ad936cecaeba7c584807db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4



SHA256 hash: 458d776a78396a0b2a3a7f2a66304e5ceb05038b50ad936cecaeba7c584807db
SHA3-384 hash: 14c21a527ea573067a78045dfcdd649e8205f7d500fa976d2d8ba8773dd2ecb71e6e65962213d72e680dccb015ce70f1
SHA1 hash: 86b2e10d572be2c3d05a4b0fc3a2f441fd30d38b
MD5 hash: 0e466b730016adff5bcf8b6abfdb5dc8
humanhash: william-alabama-indigo-fix
File name: 0e466b730016adff5bcf8b6abfdb5dc8.exe
Signature: RedLineStealer
File size: 988'160 bytes
First seen: 2020-06-30 13:50:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2302c7d2bec8288d05bcff6e73d703af (2 x RaccoonStealer, 1 x RedLineStealer)
ssdeep: 24576:bLRJ9l8A4gOEcGFnfKXmlBf72RhDS6BRirYHGCq:vvOcFf9f72zS6BRirwGC
TLSH: 8E2512313381DC70D4826430F924D6B06F6DBC7355B566877BA87F3F2E726C1162A2AA
Reporter: abuse_ch
Tags: exe RedLineStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInject
Status: Malicious
First seen: 2020-06-30 12:41:46 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: redline
Score: 10/10
Tags: infostealer family:redline evasion spyware trojan discovery
Behaviour:
  Suspicious use of AdjustPrivilegeToken
  Suspicious behavior: EnumeratesProcesses
  Kills process with taskkill
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Looks up external IP address via web service
  Modifies system certificate store
  Checks for installed software on the system
  Reads user/profile data of web browsers
RedLine

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
File: Executable exe 458d776a78396a0b2a3a7f2a66304e5ceb05038b50ad936cecaeba7c584807db (this sample)

Delivery method: Distributed via web download
