MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c4ed9fd9a7d3408b9a7d39b5c14ac9ca1ea516026f3ad2a5ace2dffc92cf220. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c4ed9fd9a7d3408b9a7d39b5c14ac9ca1ea516026f3ad2a5ace2dffc92cf220
SHA3-384 hash: 981004dad847354698e2cc3b079c766b2e040d8727396e9694ae049c499e0f2d250a2ebee3dbfa708f4da1a5e9591dbd
SHA1 hash: c6d769a3abb053dd1d86b8f6017682de785a4a30
MD5 hash: a90a9d5cd8940dbb782292a2206a2ba6
humanhash: victor-cup-cola-kilo
File name:a90a9d5cd8940dbb782292a2206a2ba6.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:396'800 bytes
First seen:2021-10-13 09:29:01 UTC
Last seen:2021-10-13 11:24:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1c763ac38c11e291bf3530d542ce2870 (1 x RedLineStealer, 1 x ArkeiStealer, 1 x DanaBot)
ssdeep 6144:xWScCWt4rA/QQTZJ2YQGTeFRWBRlyigVo+6SwVx98aC3JWrE:oScR5TP2YQOeFIwVo+iH8nc
Threatray 78 similar samples on MalwareBazaar
TLSH T15684E021B298E7B1C89719B0CC25CAF54DFFBC41552490CBB76A3E6F2EB13809A39355
File icon (PE):PE icon
dhash icon a3bcdcac9c8cb484 (4 x Glupteba, 4 x Smoke Loader, 2 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/197138/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.47166266.11868.13814.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/edba9b74-1da1-4b20-8d52-5f5f7d899e53
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/869540
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c4ed9fd9a7d3408b9a7d39b5c14ac9ca1ea516026f3ad2a5ace2dffc92cf220/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-10-13 09:32:26 UTC
AV detection:
24 of 27 (88.89%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
11ed6cc2222d5e0db7cc26544b9acf7370f2dab930e73a7268d388d73674b776
RedLineStealer
1abadd3fb21dbf1da2254539c73517d2af43ef9bdc3c67de66466fb961cb3fe6
RedLineStealer
1adfef6c467845d28da8364481e3a857c03ba6f1a058d5ecc061f3761c0993ba
RedLineStealer
800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce
RedLineStealer
9ba8dc8c46b2589bf035f4d4ab04e1e87b2abd8ace34166c28e64cba4919c270
RedLineStealer
da184b3620bfaede69d888624cc3971efd9a72c58941a358d58f63e8d7eeffef
RedLineStealer
f880f1bdad4b6022e1ec7de81fdd9276f023dee04c56068698e88db70038886a
RedLineStealer
+ 68 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline infostealer
Link:
https://tria.ge/reports/211013-lfxhjsdha7/
Behaviour
RedLine
RedLine Payload
Unpacked files
SH256 hash:
812d22db0abce8906a7a609aef3f59aaebb4626e0dd0f44bd36d718f68f2263e
MD5 hash:
e184239452cabec16de4a09a34b353a5
SHA1 hash:
8f947aa469c447166b4f3fce61286d9a5322a29e
Link:
https://www.unpac.me/results/4d654ddf-b7d3-431d-b771-046e1460c71a/
SH256 hash:
3cd4177a5b9b119c62aab910d122c8b5de267734215debcffe440977c7fe8561
MD5 hash:
fb27ef4e747074ac183bf467478974b6
SHA1 hash:
70dbdb7d34da43d74129e0c8f705bb16b312ef7b
Link:
https://www.unpac.me/results/4d654ddf-b7d3-431d-b771-046e1460c71a/
SH256 hash:
9e60163586be81d2127bb480b84f19e57a6b5275097ccaea640c9aade6c87493
MD5 hash:
3d14606c7adcf5931c21f0bd546821de
SHA1 hash:
2f2bd9c7ae31f1596d0139ca54d029c2bd908a45
Link:
https://www.unpac.me/results/4d654ddf-b7d3-431d-b771-046e1460c71a/
SH256 hash:
5c4ed9fd9a7d3408b9a7d39b5c14ac9ca1ea516026f3ad2a5ace2dffc92cf220
MD5 hash:
a90a9d5cd8940dbb782292a2206a2ba6
SHA1 hash:
c6d769a3abb053dd1d86b8f6017682de785a4a30
Link:
https://www.unpac.me/results/4d654ddf-b7d3-431d-b771-046e1460c71a/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/5c4ed9fd9a7d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c4ed9fd9a7d3408b9a7d39b5c14ac9ca1ea516026f3ad2a5ace2dffc92cf220

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 5c4ed9fd9a7d3408b9a7d39b5c14ac9ca1ea516026f3ad2a5ace2dffc92cf220

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1610920/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/197138/

Comments