MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 53694d09899c9de1600743b37ab45e9dc4e3eaf329dc410e87a3b7318d943012. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
RedLineStealer
Vendor detections: 8
| SHA256 hash: | 53694d09899c9de1600743b37ab45e9dc4e3eaf329dc410e87a3b7318d943012 |
|---|---|
| SHA3-384 hash: | 8717b401165ee41fb9a089b48a1e55b6a6f802bed128a27e0639bf38af270a77d93f8010bf78464df687d9abe932e646 |
| SHA1 hash: | 233c968655f394c1f47ecda91f9fd031690fe52f |
| MD5 hash: | f65f59a56f70f4ce9abe634d7f2f6cc6 |
| humanhash: | blossom-nevada-mars-network |
| File name: | f65f59a56f70f4ce9abe634d7f2f6cc6.exe |
| Signature | RedLineStealer |
| File size: | 340'992 bytes |
| First seen: | 2020-11-01 06:49:19 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | d32ed4aac19be5396ca38d351da15a52 (1 x RedLineStealer, 1 x CoinMiner) |
| ssdeep: | 6144:dJgFJbPsXIfEGYmU6CpadbBusd+1eP7rW:aJbDMGfU6CwHd+1k |
| TLSH: | AD74D01176D0C032C49254316865E7B1663ABC61B5749A4F3BD8FF2F2E222D1EBB235E |
| Reporter: | |
| Tags: | exe RedLineStealer |
Intelligence
File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Detection: n/a
Detection(s):
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 80 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-10-30 18:11:00 UTC
File Type: PE (Exe)
Extracted files: 36
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
AgentTesla Payload
AgentTesla
Unpacked files
SHA256 hash:
53694d09899c9de1600743b37ab45e9dc4e3eaf329dc410e87a3b7318d943012
MD5 hash:
f65f59a56f70f4ce9abe634d7f2f6cc6
SHA1 hash:
233c968655f394c1f47ecda91f9fd031690fe52f
SHA256 hash:
6b9dbb8dde0ac65181589240dcb9575a8738e07c79f0a133989b48b17d8bf180
MD5 hash:
44ee6ecadc22626e9fb327721ef6db99
SHA1 hash:
3864dfda3ad089a1fd4163be22378b0fb2c04605
Detections:
win_redline_stealer_g0
SHA256 hash:
48b6b2a807618beb919b656dae5f610bf18548a0abd4d9e35671adea1ec344e6
MD5 hash:
b4e7d04dc87794efef9b263ed15aff66
SHA1 hash:
c912cc1d2fac9abc9f3b8062826ebb092d6e5389
Detections:
win_redline_stealer_g0
SHA256 hash:
c02efe9d41d700f94b9f70e114fac16e241524b2f832243f12646de2773cfc99
MD5 hash:
ac9026c249f262f67997047be7c1c3bc
SHA1 hash:
d53be5007271443c6829092c310dbcff1c888812
Please note that we are no longer able to provide a coverage score for VirusTotal.
Threat name: Glupteba
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method: | Web download (distributed via web download) |
|---|---|