MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54c9bcf3b0e538f87f9bf8e2bf47e3999781bba191c7735855b50ef1874631d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	54c9bcf3b0e538f87f9bf8e2bf47e3999781bba191c7735855b50ef1874631d6
SHA3-384 hash:	b1a82f57ce8e1c779f3e7313639fda5862e6a28be2a2b4f3fa437c4ea9e8df98c138b9511aed16bd4888e343cfb270d6
SHA1 hash:	98bf4f3ba8b51cc3285083d2a7c37bce41ca0a6c
MD5 hash:	78cf7f6470da04e128f356f36f30217f
humanhash:	five-london-kilo-echo
File name:	SecuriteInfo.com.W32.AIDetect.malware2.405.32631
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	457'728 bytes
First seen:	2022-03-23 09:13:38 UTC
Last seen:	2022-03-25 07:22:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2dce54f61dcafaf101076114799be8bc (4 x RedLineStealer, 1 x Bdaejec)
ssdeep	12288:QvHrIe0aE39d5vXMjeK/lGRgOUqmq9kR6lhKX9QgNSxnhoc1mt:2HrIelE37hXMSK/cRgOnmq9g6VyenC+y
Threatray	5'458 similar samples on MalwareBazaar
TLSH	T1FDA42364540AE693D093BBF752AAF5939BA2730338D4C4569FCDFE96B084A2C7F40127
Reporter	SecuriteInfoCom
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

2

# of downloads :

140

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/256005/

Detection(s):

PUA.Win.Packer.Asprotect-3

SecuriteInfo.com.W32.AIDetect.malware2.405.32631.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/623ae4fe0cd58dbd92de5734/reports/df873164-12c7-4f12-842a-12d112c07a38/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/962707

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/54c9bcf3b0e538f87f9bf8e2bf47e3999781bba191c7735855b50ef1874631d6/

Threat name:

Win32.Packed.Generic

Status:

Suspicious

First seen:

2022-03-21 20:51:27 UTC

File Type:

PE (Exe)

Extracted files:

1

AV detection:

28 of 42 (66.67%)

Threat level:

1/5

Verdict:

malicious

Similar samples:

0edb9cf6ee168a3e62e29140044461b376f0a49bca70413eea80f5488633db05

381517605def58f63a5aabe969f824b399e16c952042d3d549bf4a276d433eb5

863c3a369f8c38dcc2158166e2c1510b610f7bbf75a77830ffba62a0f14d1327

a866fa02bf6f9324d6f3713ed1533e4f0262a29a50ab0734e03fe6ed52df11fd

b50d346307ef27c92bf6e5fda61bf060e00ab50119b50facb34cad30747f7c8e

fc45aada4dd0fd54fea4854bd07276881f46b469cc248146d1772188a5704384

+ 5'448 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220323-k7jv4afgar/

Behaviour

Modifies data under HKEY_USERS

Unpacked files

SH256 hash:

71317a4aa298b336f2a6bb1d74ecbbba015fc732a478395a132053adda1a540a

MD5 hash:

564e5e55d9e3a85de5915b2fd6a2d82d

SHA1 hash:

cd03c87fff78bcf980bfb7094d8a4aa615a25b7e

Link:

https://www.unpac.me/results/d593421d-7632-412c-9551-c4b2441a175a/

SH256 hash:

1337bd7407257167351cd3ef10474b09c9cf5b3ae1335c2d47d5e1050168d5ca

MD5 hash:

85c68cfe934a24bcb8763749368e68a5

SHA1 hash:

7b1e6fcc3a39b034214f724d5146c109b6c22ff7

Link:

https://www.unpac.me/results/d593421d-7632-412c-9551-c4b2441a175a/

SH256 hash:

54c9bcf3b0e538f87f9bf8e2bf47e3999781bba191c7735855b50ef1874631d6

MD5 hash:

78cf7f6470da04e128f356f36f30217f

SHA1 hash:

98bf4f3ba8b51cc3285083d2a7c37bce41ca0a6c

Link:

https://www.unpac.me/results/d593421d-7632-412c-9551-c4b2441a175a/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/54c9bcf3b0e5/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/54c9bcf3b0e538f87f9bf8e2bf47e3999781bba191c7735855b50ef1874631d6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 54c9bcf3b0e538f87f9bf8e2bf47e3999781bba191c7735855b50ef1874631d6

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2111877/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/256005/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample