MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 460d5aa48b9a922f9b8789e0b3373d861b54ec304a900468e2af3721d3d549eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 460d5aa48b9a922f9b8789e0b3373d861b54ec304a900468e2af3721d3d549eb
SHA3-384 hash: 42c453a6d9d91ef94f43be6e5fc14fee3ddddc094537f1185bd3b68483cd2096bc0dfed8cd833fbe138a73b49998f7b4
SHA1 hash: a367d0666319f331077c61de311a592d6a73920c
MD5 hash: 425b060de48dd60bb23dcd38b8be95f4
humanhash: bluebird-florida-charlie-zulu
File name:Fornitee Hack.bin
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'447'296 bytes
First seen:2022-07-14 08:12:16 UTC
Last seen:2022-07-14 09:38:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2bd4b8620ae035f6bf279b34fa17fcf7 (23 x RedLineStealer, 2 x Formbook, 1 x RecordBreaker)
ssdeep 24576:mOX/w5cXnae6Pl0Y3YWgesFL1M0fdlb1Z6la+zgIr76XsI5L3:9XYcae6uhR+zgIr76XsI57
TLSH T111657D29EB0615B4DA23577185DEEB7B9B147A248036AF3FFF4BEB08A4330163C85156
TrID 36.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
23.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.0% (.EXE) Win32 Executable (generic) (4505/5/1)
4.5% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter KdssSupport
Tags:exe RedLineStealer


Avatar
KdssSupport
Uploaded with API

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
185.106.92.139:16578 https://threatfox.abuse.ch/ioc/836953/

Intelligence

File Origin
# of uploads :
3
# of downloads :
259
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
Fornitee Hack.exe
Verdict:
Malicious activity
Analysis date:
2022-07-13 21:16:07 UTC
Tags:
trojan rat redline loader
Link:
https://app.any.run/tasks/73256316-d6ad-4513-940d-44c1c6cc15bd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/289067/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.116151.27127.12.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/62cfd01a01fde6ede681723e/reports/7e10bf3a-cb17-4c1b-9f33-40820a99b39c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1031163
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 663658 Sample: Fornitee Hack.bin Startdate: 14/07/2022 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 Fornitee Hack.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/460d5aa48b9a922f9b8789e0b3373d861b54ec304a900468e2af3721d3d549eb/
Threat name:
Win32.Trojan.Redlinestealer
Create hunting rule
Status:
Malicious
First seen:
2022-07-14 08:13:12 UTC
File Type:
PE (Exe)
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iygvvjeltkjc7g4hrhqlgnz5qynvj3bqjkiai2hcv43sdu6vjhvq._file
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:donottouchmysquad infostealer spyware suricata
Link:
https://tria.ge/reports/220714-j3zv3sghg3/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
RedLine
RedLine payload
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Malware Config
C2 Extraction:
185.106.92.139:16578
Unpacked files
SH256 hash:
5cf63e8035737740d4cfd06739209ecc7916e2c4bc00cca290a630c696eaa445
MD5 hash:
ea48773d808a48291795c7ed139bb7f8
SHA1 hash:
d19d34294ccedbcab49d6c5c020e62e36be5c481
Link:
https://www.unpac.me/results/635d9bd9-dd20-4746-b7c8-eb36b291cc3f/
SH256 hash:
460d5aa48b9a922f9b8789e0b3373d861b54ec304a900468e2af3721d3d549eb
MD5 hash:
425b060de48dd60bb23dcd38b8be95f4
SHA1 hash:
a367d0666319f331077c61de311a592d6a73920c
Link:
https://www.unpac.me/results/635d9bd9-dd20-4746-b7c8-eb36b291cc3f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/460d5aa48b9a922f9b8789e0b3373d861b54ec304a900468e2af3721d3d549eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 460d5aa48b9a922f9b8789e0b3373d861b54ec304a900468e2af3721d3d549eb

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/289067/

Comments