MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5cdb65cf746abb51242f89647866dcc62e518e9085b5a593b9839a224587b62e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
RedLineStealer
Vendor detections: 6
| SHA256 hash: | 5cdb65cf746abb51242f89647866dcc62e518e9085b5a593b9839a224587b62e |
|---|---|
| SHA3-384 hash: | 79fb49e03c935428e7f69420ebf3db6084092dad913ee6a185320dc7c32bbbafd2d501c6f8d39515c7717915bc6a3049 |
| SHA1 hash: | 9bb962ba954f5957b47eaff56787fb175c5cb6f8 |
| MD5 hash: | fe9d939602fa487c9a4debf48cfc0d3d |
| humanhash: | tango-twelve-island-table |
| File name: | Installer 2.0.rar |
| Download: | download sample |
| Signature | RedLineStealer |
| File size: | 2'733'604 bytes |
| First seen: | 2022-09-22 22:07:15 UTC |
| Last seen: | 2022-09-22 22:08:27 UTC |
| File type: | rar |
| MIME type: | application/x-rar |
| ssdeep | 24576:EntPs6tYHqVDX6+eRaYKYOSfMI6wM2yGpddkJPQRmreCmf6oStu7qLXKiRYL8+W8:AZLmqVDNe1xRZCTu7qLXKiRYa4tl31 |
| TLSH | T1E1C519135A8B0D79CDD277B4A1CB633AA734ED30CA2A9B7FB708C43959532C56C1A742 |
| TrID | 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1) |
| Reporter | |
| Tags: | rar Redline |
Intelligence
File Origin
| # of uploads: | 2 |
|---|---|
| # of downloads: | 419 |
| Origin country: | n/a |
File Archive Information
This file archive contains 2 file(s), sorted by their relevance:
| File name: | Read Me, PASSWORD - 2022.txt |
|---|---|
| File size: | 15 bytes |
| SHA256 hash: | 3eb7b44a61a547fa637a171d22d3d5715e47f03161d1d55170156603c3c1bfe8 |
| MD5 hash: | 63200c511aa155686e4a1d575b6f394b |
| MIME type: | text/plain |
| Signature | RedLineStealer |
| File name: | Installer 2.0.rar |
|---|---|
| File size: | 2'733'355 bytes |
| SHA256 hash: | 978e91c1a1ab273aecebfa1a686a0110b3431fd1745034814673c86904909b71 |
| MD5 hash: | cd96d77570fa7a0fb6b7bf2f221f4f0d |
| MIME type: | application/x-rar |
| Signature | RedLineStealer |
Vendor Threat Intelligence
Result
| Verdict: | MALICIOUS |
|---|---|
| Threat name: | Win32.Spyware.Convagent |
| Status: | Malicious |
| First seen: | 2022-09-22 22:08:14 UTC |
| File Type: | Binary (Archive) |
| Extracted files: | 3 |
| AV detection: | 17 of 41 (41.46%) |
| Threat level: | 2/5 |
| Detection(s): | Suspicious file |
Result
| Malware family: | redline |
|---|---|
| Score: | 10/10 |
| Tags: | family:redline botnet:@akkkerman infostealer spyware |
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
RedLine
RedLine payload
Malware Config
C2 Extraction:
77.73.134.24:80
Please note that we are no longer able to provide a coverage score for Virus Total.
| Threat name: | Redline |
|---|---|
| Score: | 1.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method | Signature | File type | SHA256 hash |
|---|---|---|---|
| Web download | RedLineStealer | rar | 5cdb65cf746abb51242f89647866dcc62e518e9085b5a593b9839a224587b62e (this sample) |

| Delivery method: | Distributed via web download |
|---|---|
Comments
There is an error in the "Dropped files" section.
The correct order is: This sample -> 978e91c1a1ab273aecebfa1a686a0110b3431fd1745034814673c86904909b71 (RAR) -> 40b8d2368df2682276c4040a796a2e3197877002cfc36e95e3f929d0e91c9ad4 (EXE)