MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 507eb00d1d9dfc6b9cb5a54c4b94984cc4382caee3c45e0b4c9bef3b6d8d98da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 507eb00d1d9dfc6b9cb5a54c4b94984cc4382caee3c45e0b4c9bef3b6d8d98da
SHA3-384 hash: 1d76b044f05e79bc2bb1d5ffb9d800ff8a03d8e637d367bb1e7f56570453ea423e0494430b2d2fdcd0a37d9b288032d2
SHA1 hash: 9c7ca609467e4656da1da610f56da7b5e2a308c6
MD5 hash: 3e7462489b760fa3eee713ae03ae7249
humanhash: mars-snake-aspen-october
File name:3e7462489b760fa3eee713ae03ae7249.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:943'616 bytes
First seen:2022-03-19 13:26:21 UTC
Last seen:2022-03-19 14:36:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 445554923421947cbff896012e27345a (301 x RedLineStealer, 11 x RaccoonStealer, 5 x CoinMiner)
ssdeep 24576:mPuLxonomPhwPU+pCzf0hWaNx8qra4zFHwXkEaHNYK3c+K5Dyox57:m1Jw7kf0hWaljzFQXNau+M17
Threatray 1'760 similar samples on MalwareBazaar
TLSH T1001523ACB350B69CC66EDD30AE005EEEDE9F0C1DF0E8E0B7B211AD89C914954FA1E155
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
91.243.32.50:47523

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
91.243.32.50:47523 https://threatfox.abuse.ch/ioc/421040/

Intelligence

File Origin
# of uploads :
2
# of downloads :
362
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/252961/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Sending a custom TCP request
Creating a file
Sending a TCP request to an infection source
Stealing user critical data
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6235da28dfdfa8501cbb811e/reports/9b0629fc-e8e8-4fe1-bf39-b5f03d21252d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b275a073-d034-4f1c-b0cc-0533c637d28a
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/960082
Signature
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
PE file has nameless sections
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/507eb00d1d9dfc6b9cb5a54c4b94984cc4382caee3c45e0b4c9bef3b6d8d98da/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-19 13:27:13 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
24 of 27 (88.89%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kb7ladi5tx6gxhfvuvgexfeyjtcdqlfo4pcf4c2mtpxtw3mntdna._file
Verdict:
malicious
Similar samples:
24dddac175ec0ecbe3a13040165f0438fca44502c216c96655cdff8f4bc0ddcb
RedLineStealer
356b02d083bfe02dc53ff918bcef12a8fd44686b7ed05f66d7569659c1ad2dc9
RedLineStealer
4d18c531ac7ac2a4cd844b8db30f18571b64c13d49def3d77b6ddc7022652b3f
RedLineStealer
5013372389580672743ad71d9ec522caa057a4f7863ae8fc460ebba005121fd8
RedLineStealer
5b43720ddaaa16ce402b741be6a618fbf87f447b659e0ca5eec2076abacdc6e1
RedLineStealer
6489e500f911c3fb5d0e86b9b0723b051a0973538001cac94cbe32b597f8b0f1
RedLineStealer
7bd0fb482a6bce2de2ce3ce0297724b4ab110f082e94b0f64e32d03b308020e9
RedLineStealer
8e608482cad57e0b61c813e96639f62abd854f069f49d68807c966ccadc518d5
RedLineStealer
d0f26970c628316459bff17f23f723edb14af4046949ef99381ca87c28da8830
RedLineStealer
d2e800b01162a5151738eb524ef4bd36faeba8dd33b8c3d68edb635c29d38d9b
RedLineStealer
+ 1'750 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220319-qp34xaaghm/
Behaviour
Program crash
Unpacked files
SH256 hash:
d78118462debeb4386fa372575e759dbd48c3e4e23396af6540821100d7bb068
MD5 hash:
889459199cb152878c1adc448b752774
SHA1 hash:
daf118027d7cc0740474931e79482e26c068e882
Link:
https://www.unpac.me/results/c53538fe-a263-4946-a7a2-b113e63222b1/
SH256 hash:
e321fd66cffe9c17cd5a640365c26a7b2122124dd55ad7576804d8da63ace75f
MD5 hash:
1f3febedc70f29230b9166cd817a351e
SHA1 hash:
f985b9e8d3f89bcae765e793cbff9066054570d0
Link:
https://www.unpac.me/results/c53538fe-a263-4946-a7a2-b113e63222b1/
SH256 hash:
507eb00d1d9dfc6b9cb5a54c4b94984cc4382caee3c45e0b4c9bef3b6d8d98da
MD5 hash:
3e7462489b760fa3eee713ae03ae7249
SHA1 hash:
9c7ca609467e4656da1da610f56da7b5e2a308c6
Link:
https://www.unpac.me/results/c53538fe-a263-4946-a7a2-b113e63222b1/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/507eb00d1d9d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Redline
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/507eb00d1d9dfc6b9cb5a54c4b94984cc4382caee3c45e0b4c9bef3b6d8d98da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 507eb00d1d9dfc6b9cb5a54c4b94984cc4382caee3c45e0b4c9bef3b6d8d98da

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1828281/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/252961/

Comments