MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 484989aa0548d25d524e8dcbea3e5117e31ec143d8b77aec8945e392ce7c72c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 13



SHA256 hash: 484989aa0548d25d524e8dcbea3e5117e31ec143d8b77aec8945e392ce7c72c8
SHA3-384 hash: 870f82e56e22a3dc8d36ce530775f21a31ad446910d2eb3cb0ff823fb415dd350df80a06b6aa42963dc26e693d198dbc
SHA1 hash: 68d73bac868eef7f89978c73d896b7cb32bf4717
MD5 hash: 7171b247521e630152953ce57aa6908e
humanhash: timing-six-massachusetts-quebec
File name: 7171b247521e630152953ce57aa6908e
Signature: RedLineStealer
File size: 988'160 bytes
First seen: 2021-10-13 16:29:27 UTC
Last seen: 2021-10-13 18:18:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9c27955c0fd954648a90f6dace0af4f9 (1 x RedLineStealer)
ssdeep: 12288:Li7NzBBOb8tjHQ/is1NyoyAXtogMAAZ9ZjZ4JpK6xpmG:OBBW8tjCiSyAugUHE
Threatray: 2 similar samples on MalwareBazaar
TLSH: T126257C6F6A0FD711E4942633C0831FF81A3F7AD67125EC4E3956AA16281E2F16B45F8C
Reporter: zbetcheckin
Tags: 32 exe RedLineStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 191
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 7171b247521e630152953ce57aa6908e
Verdict: Suspicious activity
Analysis date: 2021-10-13 16:45:24 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness: n/a
Behaviour
Launching the default Windows debugger (dwwin.exe)

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Malicious Packer
Verdict: Malicious
Result
Threat name: RedLine
Detection: malicious
Classification: troj.evad
Score: 84 / 100
Signature:
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph: (image not reproduced)

Threat name: Win32.Packed.Generic
Status: Suspicious
First seen: 2021-10-12 00:57:53 UTC
AV detection: 24 of 44 (54.55%)
Threat level: 1/5
Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:newpro infostealer
Behaviour
RedLine
RedLine Payload
Malware Config
C2 Extraction: 139.99.118.252:12517
Unpacked files
SHA256 hash: 958482e8fbd9cd5c79c01c437e21a03a4a9e3a6c594ddd877a1011f9a6b1e63d
MD5 hash: 0acbdabfa064efc992645ad1e1fe5617
SHA1 hash: e45ab69c4a308cee14b58ea8b7c10147992fd67b

SHA256 hash: 82a6e788f8067a2d5d7661953541d5fb14025921ec353fdcfdb36722fd0011a1
MD5 hash: 4dbf9eab1ac0c87120159bc5f654cd9e
SHA1 hash: c8d876a4a1d1b33f93421f0c49dc454be4fb7aa5

SHA256 hash: 5b30f9b22d666e2072b4ed8c54f59c385fb9c62444698fa1c34bbeebc883da90
MD5 hash: a9b68a07cfc9b8822297b590accd8458
SHA1 hash: 5bf308d71134825312850ab633bcacd44c721461

SHA256 hash: 484989aa0548d25d524e8dcbea3e5117e31ec143d8b77aec8945e392ce7c72c8 (the submitted sample)
MD5 hash: 7171b247521e630152953ce57aa6908e
SHA1 hash: 68d73bac868eef7f89978c73d896b7cb32bf4717

Malware family: n/a
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
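As an added example (not part of the MalwareBazaar page, its API, or any vendor's sandbox output), the following Python turns the indicators listed above into an offline sweep: the SHA256 and MD5 values of the submitted sample and its three unpacked files, and the extracted C2 139.99.118.252:12517. The file bytes and the firewall log lines it is run against are constructed for the demonstration, and the key=value log format is an assumption, not any product's format.

```python
"""Offline sweep for the indicators published on this MalwareBazaar entry.

Added example: the hashes and C2 below are copied from the entry; the log
format and the log lines themselves are constructed for the demonstration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# SHA256 / MD5 of the submitted sample and the three files the sandbox
# unpacked from it (taken from the "Unpacked files" table above).
IOC_SHA256: Dict[str, str] = {
    "484989aa0548d25d524e8dcbea3e5117e31ec143d8b77aec8945e392ce7c72c8": "submitted sample",
    "958482e8fbd9cd5c79c01c437e21a03a4a9e3a6c594ddd877a1011f9a6b1e63d": "unpacked file",
    "82a6e788f8067a2d5d7661953541d5fb14025921ec353fdcfdb36722fd0011a1": "unpacked file",
    "5b30f9b22d666e2072b4ed8c54f59c385fb9c62444698fa1c34bbeebc883da90": "unpacked file",
}
IOC_MD5: Dict[str, str] = {
    "7171b247521e630152953ce57aa6908e": "submitted sample",
    "0acbdabfa064efc992645ad1e1fe5617": "unpacked file",
    "4dbf9eab1ac0c87120159bc5f654cd9e": "unpacked file",
    "a9b68a07cfc9b8822297b590accd8458": "unpacked file",
}
# C2 extracted from the RedLine configuration ("C2 Extraction" above).
C2_HOST = "139.99.118.252"
C2_PORT = 12517


def digest(data: bytes) -> Dict[str, str]:
    """Compute the digests the entry lists, so a local file can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def match_digests(d: Dict[str, str]) -> List[Tuple[str, str]]:
    """IOC hits for a digest dict. SHA256 is the primary check; an MD5 hit is
    reported separately because MD5 is collision-prone and weaker evidence."""
    hits = []
    if d.get("sha256") in IOC_SHA256:
        hits.append(("sha256", IOC_SHA256[d["sha256"]]))
    if d.get("md5") in IOC_MD5:
        hits.append(("md5", IOC_MD5[d["md5"]]))
    return hits


def match_file(data: bytes) -> List[Tuple[str, str]]:
    """Hash raw file bytes and look them up against the entry's IOCs."""
    return match_digests(digest(data))


# Constructed firewall log (ISO timestamp followed by key=value pairs).
# 203.0.113.10 is a documentation address standing in for benign traffic.
SAMPLE_LOG = """\
2021-10-13T16:31:02Z action=allow src=10.0.4.17 dst=139.99.118.252 dport=12517 proto=tcp
2021-10-13T16:31:05Z action=allow src=10.0.4.17 dst=203.0.113.10 dport=443 proto=tcp
2021-10-13T16:32:40Z action=allow src=10.0.4.22 dst=139.99.118.252 dport=443 proto=tcp
2021-10-13T16:33:01Z action=deny src=10.0.4.17 dst=139.99.118.252 dport=12517 proto=tcp
"""

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split one assumed key=value log line into a field dict plus timestamp."""
    fields = dict(_KV.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def scan_log(lines: Iterable[str]) -> List[dict]:
    """Flag flows to the C2 host. The exact ip:port from the config is high
    confidence; the same host on another port is reported at medium confidence,
    since the port is part of the per-build RedLine configuration."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("dst") != C2_HOST:
            continue
        try:
            port = int(f.get("dport", ""))
        except ValueError:
            port = -1
        hits.append({
            "ts": f["ts"],
            "src": f.get("src"),
            "dport": port,
            "action": f.get("action"),
            "confidence": "high" if port == C2_PORT else "medium",
        })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(h)
    print(match_file(b"constructed bytes, not the sample"))
```

A denied connection to the C2 still deserves triage: the block only shows the host tried to reach it, and the beacon that was blocked usually has a copy of the stealer already running on the source machine, so the hash check is worth running there as well.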

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_RedLine
Author:ditekSHen
Description:Detects RedLine infostealer

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RedLineStealer
Executable exe 484989aa0548d25d524e8dcbea3e5117e31ec143d8b77aec8945e392ce7c72c8 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2021-10-13 16:29:29 UTC

url: hxxps://k1t.jelikob.ru/1170423485.exe