MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51ff857aa106cf4a31812aa2dd73dcd068cb4f03ae671be10dbee942a66ee488. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 14


Intelligence 14 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51ff857aa106cf4a31812aa2dd73dcd068cb4f03ae671be10dbee942a66ee488
SHA3-384 hash: f88250c0cfafd3be67901aa668143928f3dcfe66f3e791601cac701679867f52a20c2016a8b073686c222d918cd31a86
SHA1 hash: b8b2618cb65ab1dca605bbb3b63e2ed946f7a720
MD5 hash: e4fcdcf521f7a8f73246e1e7ad443baa
humanhash: kitten-nevada-tennis-romeo
File name:e4fcdcf521f7a8f73246e1e7ad443baa.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:454'656 bytes
First seen:2022-01-26 21:30:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash aa2b22e8e3b96fd546a63d71626f45a6 (5 x RedLineStealer, 2 x Smoke Loader, 2 x RaccoonStealer)
ssdeep 12288:Cd6C+WYVJI1B3Q5UNxxbv2T1XqWBOFJ1dfMIb:ChAG1B3og/T2JpOFJb
Threatray 4'407 similar samples on MalwareBazaar
TLSH T152A4BF00B7A1C035F6B752F44A7A93BCA93E7AE15B2461CB53D52AEE56346E0DC3130B
File icon (PE):PE icon
dhash icon 2dec1370399b9b91 (25 x RedLineStealer, 21 x Smoke Loader, 8 x ArkeiStealer)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
185.215.113.29:20819

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
185.215.113.29:20819 https://threatfox.abuse.ch/ioc/334657/

Intelligence

File Origin
# of uploads :
1
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e4fcdcf521f7a8f73246e1e7ad443baa.exe
Verdict:
Malicious activity
Analysis date:
2022-01-26 21:48:03 UTC
Tags:
trojan rat redline
Link:
https://app.any.run/tasks/9666c47c-69e9-40bc-ab1e-ffc89c7cd4ac

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/223808/
Detection(s):
Win.Dropper.Mikey-9917324-0
Create hunting rule

Win.Packed.Tofsee-9937387-1
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Using the Windows Management Instrumentation requests
Creating a window
Reading critical registry keys
Sending a custom TCP request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Stealing user critical data
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5270/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware mikey packed redline
Link:
https://www.filescan.io/uploads/61f1bd9dd73ca9d4648f8158/reports/99060bc8-c569-418e-a34c-9da5ccadb9fb/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2d8d8272-266e-4c5c-8c68-fcff2b93b1f2
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/928334
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51ff857aa106cf4a31812aa2dd73dcd068cb4f03ae671be10dbee942a66ee488/
Threat name:
Win32.Trojan.Raccoon
Create hunting rule
Status:
Malicious
First seen:
2022-01-26 21:31:09 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kh7yk6vba3huummbfkrn24642bumwtydvztrxyinx3uufjto4sea._file
Verdict:
malicious
Similar samples:
02a1be5f6bac2f03f8dc06a3b94f346ab67f18b70703b80d91ca47478f6d8c5f
RedLineStealer
0d054d4b3068ea7f877963a9be8a71581cb0396a309f65e0a95a45ac1e758d62
RedLineStealer
0d4ba1ff1ded8ceed68d1af69a463506ea7bfe4c92d4d78082ee5c111077ad98
RedLineStealer
23a5e5b0cb827bc3f5d193dea0aaf03296c7c4f4a34eb5884caf8db7d12a7eee
RedLineStealer
2e6a515f6f0f4c6afeee0504513de753828975c0a0ee4630ccd4474f0ca8e002
RedLineStealer
2eecd263f2ccf106ab5ad42ed0bb8c981f9067a1273cc3186cb731aac8fbb702
RedLineStealer
560f614418ca04cf5caa6eb9c04f36572fa28fa12aa94a1ed0178305e457a40f
RedLineStealer
7227c5067dc82a381a3c7485a21c64b702f7e987a46d1349f95e269399e862eb
RedLineStealer
+ 4'397 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:ruzkikakoyto discovery infostealer spyware stealer
Link:
https://tria.ge/reports/220126-1c4vsabba5/
Behaviour
Suspicious use of AdjustPrivilegeToken
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Malware Config
C2 Extraction:
185.215.113.29:20819
Unpacked files
SH256 hash:
f039c36f20180642b9d3f743728e7cd3b128ce16a2ec55b31f57035c0358a48d
MD5 hash:
6fe38621a99a27a7158deed26529044a
SHA1 hash:
e33e1b0dcdca8fbf5d8697cd30e1b179409e103b
Link:
https://www.unpac.me/results/9a4f3e36-223a-4939-a4a2-6aa22f8d5c89/
SH256 hash:
7e19bc9b7a7bec7ea0d39d8c16912006529c968027a29938b3edac98a47e22de
MD5 hash:
fb8321a722de439f6aab2f2c6ce001b2
SHA1 hash:
d678b338cc9600a09d123c9ff2d971d72776aad9
Link:
https://www.unpac.me/results/9a4f3e36-223a-4939-a4a2-6aa22f8d5c89/
SH256 hash:
9fe77933fae452836671e8b4dd89d5622c96dcb23ad3e886f596fd43a9fa02ee
MD5 hash:
e8c466c124c7cd59a9789539e937c1af
SHA1 hash:
8897495710fa4983e459e30cf18408e9a239e5d0
Link:
https://www.unpac.me/results/9a4f3e36-223a-4939-a4a2-6aa22f8d5c89/
SH256 hash:
51ff857aa106cf4a31812aa2dd73dcd068cb4f03ae671be10dbee942a66ee488
MD5 hash:
e4fcdcf521f7a8f73246e1e7ad443baa
SHA1 hash:
b8b2618cb65ab1dca605bbb3b63e2ed946f7a720
Link:
https://www.unpac.me/results/9a4f3e36-223a-4939-a4a2-6aa22f8d5c89/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/51ff857aa106/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/51ff857aa106cf4a31812aa2dd73dcd068cb4f03ae671be10dbee942a66ee488

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 51ff857aa106cf4a31812aa2dd73dcd068cb4f03ae671be10dbee942a66ee488

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1849294/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/223808/

Comments