MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46ba1967983d6f567a10712f1814d4cad0af421aeb1c25a943a7ceb4d1195037. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 10



SHA256 hash: 46ba1967983d6f567a10712f1814d4cad0af421aeb1c25a943a7ceb4d1195037
SHA3-384 hash: ace203bf11761dcdbc42daf9cfc33759d41af5f68f0d7ae64a5b8a913ffde344b74dba46c831d104906707f0b2bccede
SHA1 hash: ca41f1d08d016a147bab37879ddf4722debf4549
MD5 hash: c2c05cd6cacb0f2fc7ef5c883294c88c
humanhash: california-chicken-helium-delaware
File name: c2c05cd6cacb0f2fc7ef5c883294c88c
Signature: RedLineStealer
File size: 2'375'168 bytes
First seen: 2021-08-11 02:07:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: bf5a4aa99e5b160f8521cadd6bfe73b8 (434 x RedLineStealer, 31 x AgentTesla, 12 x DCRat)
ssdeep: 49152:akQTAcFdGlHVoN1QxECXsgrVJZ4Uy7GQe8v51637ORB+G9bmp:aacFdGCcxEaPZY7GQTv5GORVmp
Threatray: 1'485 similar samples on MalwareBazaar
TLSH: T168B5236A3691E5B3C1720B3605E5CBAB9E78B432475899E3BACC371DAF702E152371C4
dhash icon: 71cc8eb2b2caf268 (1 x RedLineStealer)
Reporter: zbetcheckin
Tags: 32 exe RedLineStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: c2c05cd6cacb0f2fc7ef5c883294c88c
Verdict: No threats detected
Analysis date: 2021-08-11 02:08:37 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Suspicious
Maliciousness:
Behaviour
Creating a window
DNS request
Connection attempt
Sending an HTTP GET request
Creating a file
Sending a UDP request
Enabling the 'hidden' option for recently created files
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Malicious Packer
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Threat name: Win32.Backdoor.Bladabhindi
Status: Malicious
First seen: 2021-08-04 06:31:00 UTC
AV detection: 26 of 47 (55.32%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Downloads MZ/PE file
Unpacked files
SHA256 hash: 99dda279c4b3528c21374154963a65ca00ff508ecd8abbf4aacc4c91bf594b5b
MD5 hash: ab8c04ea8dbc4a616db237cf7a097803
SHA1 hash: cc37c6ac56ba89567c2c3cda5200aecbf35fb1d6
SHA256 hash: 7532abc169bc1e29cc588ae920885cc6eb96c85e45541f0dc021432ee8fb3421
MD5 hash: 4b757fd0cc289e490d5a79dc6fd8bfd8
SHA1 hash: 40068a5206344e427e669ed1442491a2a4d327af
SHA256 hash: 46ba1967983d6f567a10712f1814d4cad0af421aeb1c25a943a7ceb4d1195037
MD5 hash: c2c05cd6cacb0f2fc7ef5c883294c88c
SHA1 hash: ca41f1d08d016a147bab37879ddf4722debf4549
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MALWARE_Win_RedLine
Author: ditekSHen
Description: Detects RedLine infostealer

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 46ba1967983d6f567a10712f1814d4cad0af421aeb1c25a943a7ceb4d1195037 (this sample)

Delivery method
Distributed via web download

Comments



zbet commented on 2021-08-11 02:07:22 UTC

url: hxxp://baytarsenal.tk/fb/wpbot.exe