MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55415e508d283bfd58795c2f0d4455c43ac03fca354c007fd8cd46a756bf342c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	55415e508d283bfd58795c2f0d4455c43ac03fca354c007fd8cd46a756bf342c
SHA3-384 hash:	69c1db1dc8487057e7741d691e168ec7f866a57312f46b217b1abf1af47cf02deea85cd3ab8682ef508b04d19ed7b62b
SHA1 hash:	ca1f45f892616501276b450375033a45c3057b2e
MD5 hash:	32b7ab30d58602ab6e287f8c3982d561
humanhash:	lima-mike-arkansas-angel
File name:	SecuriteInfo.com.Trojan.Win32.Save.a.6795.9891
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	312'320 bytes
First seen:	2021-09-21 20:09:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	98349bc8fa025f57a9d49df3092c15be (10 x RedLineStealer, 2 x ArkeiStealer, 1 x RaccoonStealer)
ssdeep	6144:LywBpOezjE8Nlf0cZw3p27qhrxN/bEATRWBwjtw:GwBp9Y8NlfBqLrHoA0Bai
Threatray	2'061 similar samples on MalwareBazaar
TLSH	T16164E10077A0CA32C56715328B23E7E16EBBB82369609377B767366EEF30291B711355
File icon (PE):
dhash icon	327a7c7d727e6e76 (7 x RaccoonStealer, 4 x RedLineStealer, 1 x DanaBot)
Reporter	SecuriteInfoCom
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

261

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Trojan.Win32.Save.a.6795.9891

Verdict:

Malicious activity

Analysis date:

2021-09-21 20:13:06 UTC

Tags:

trojan rat redline

Link:

https://app.any.run/tasks/59792ef2-624c-4d36-b987-24cf2425358f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/189994/

Detection(s):

SecuriteInfo.com.Trojan.Win32.Save.a.6795.9891.UNOFFICIAL

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/11a4c455-30c4-4cef-9df3-176f51536f9f

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/855200

Signature

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/55415e508d283bfd58795c2f0d4455c43ac03fca354c007fd8cd46a756bf342c/

Threat name:

Win32.Packed.Fragtor

Status:

Malicious

First seen:

2021-09-21 20:10:06 UTC

AV detection:

21 of 45 (46.67%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=kvav4uenfa572wdzlqxq2rcvyq5map6kgvgaa76yzvdkovv7gqwa._file

Verdict:

malicious

RedLineStealer

35e01293efaa4e9616a8431691e332f49a939942100f6e6662145df7c4602040

RedLineStealer

4a1eb5d077f5f4134acde43b07cda42bc1f03570bfcdba0289ef2af4212d0bf5

RedLineStealer

6ed5c2256aac5654f708b39f82f40f29ebab155e0e7fd237db5d70903a240981

RedLineStealer

71f8415c24040b573b4852f93ba4df25f83f2a57c536ca9b19011b6ceb9c4528

RedLineStealer

729439c4ee7b6b04bd443520adfae3c5b2eb69981319547e21a9060d64be7693

RedLineStealer

7872580d5105bd09cf386f9713b28854711d356fae34118bd855a9a694da4f1e

RedLineStealer

811b982a5a257a2a9acd46bbf0f68a166470726017e60bb752410ece2cf01ef5

RedLineStealer

ad0048e191fb0db386dfada7927fc139777d8a85858073fd014c0989794b9e73

RedLineStealer

e56b53500bf0072f709cec8121a19d8d98a42672ff4df8c3079518d68b6c4f3f

RedLineStealer

+ 2'051 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:sewpalpadin discovery infostealer spyware stealer

Link:

https://tria.ge/reports/210921-yxpv9aaed8/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Checks installed software on the system

Reads user/profile data of web browsers

RedLine

RedLine Payload

Malware Config

C2 Extraction:

185.215.113.29:18087

Unpacked files

SH256 hash:

a62841bbe14945e2cd4066193675aefc61ced1aaff2753924e4ab30a9241e760

MD5 hash:

f246bd57ec25db36919e7e1aa731303f

SHA1 hash:

f4fa44aadc1d6bd4411c14c78150b2ed24f03f3b

Link:

https://www.unpac.me/results/26761630-8b1b-44d9-b718-e0158144e61d/

SH256 hash:

8804d072134b4f424a7af558ae9eaf17370bf874e2d0919e12e9508a8f25bc04

MD5 hash:

b7e41b714671133b10467addb04eaf04

SHA1 hash:

67250b01da36b1c2b36c6b8599f37d36975cfeca

Link:

https://www.unpac.me/results/26761630-8b1b-44d9-b718-e0158144e61d/

SH256 hash:

ccf48b09615787253370d1f337c632ad194e899489784fa7d4bb4cd8d67d6d9e

MD5 hash:

6b5c7d46224b4d7c38ec620c817867ad

SHA1 hash:

3747f56ac967b30844b790ed11e6180d83a79565

Link:

https://www.unpac.me/results/26761630-8b1b-44d9-b718-e0158144e61d/

SH256 hash:

55415e508d283bfd58795c2f0d4455c43ac03fca354c007fd8cd46a756bf342c

MD5 hash:

32b7ab30d58602ab6e287f8c3982d561

SHA1 hash:

ca1f45f892616501276b450375033a45c3057b2e

Link:

https://www.unpac.me/results/26761630-8b1b-44d9-b718-e0158144e61d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/55415e508d283bfd58795c2f0d4455c43ac03fca354c007fd8cd46a756bf342c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	MALWARE_Win_RedLine Create hunting rule
Author:	ditekSHen
Description:	Detects RedLine infostealer

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/189994/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample