MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e05d90bcdb3ed152fbc447a2f30538affdb2e3c3f60fe4a548837123a423f45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 10

SHA256 hash: 5e05d90bcdb3ed152fbc447a2f30538affdb2e3c3f60fe4a548837123a423f45
SHA3-384 hash: 3768c68146a327cb1e0e35781ee704b5e511a3b11c49e2bdbaab31ca6845eba35b2ba32cc4f14eb8d1712aa52ed7ba2d
SHA1 hash: 4fffef86242a1eaba0732f61ec6e4ccd022518d3
MD5 hash: 5255cbe95f3798371938f310bdee3b0b
humanhash: avocado-johnny-texas-xray
File name: 5255cbe95f3798371938f310bdee3b0b.exe
Signature: RedLineStealer
File size: 414'720 bytes
First seen: 2020-12-03 07:53:54 UTC
Last seen: 2020-12-03 10:26:55 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 40c3ebc3d06eb0eacea73fff2506e0f3 (1 x CryptBot, 1 x RedLineStealer)
ssdeep: 6144:oPxyFaUJlgMVHZjRX1ozjp5WTouaoOpCK:rBJlgqHZFlozj/WMuaocCK
Threatray: 756 similar samples on MalwareBazaar
TLSH: 8594E091B381D832C4661476C926DFA4667AFC3117718AC3B7D43B2E5D713C21ABA38E
Reporter: abuse_ch
Tags: exe RedLineStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 113
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Connection attempt

Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 80 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer

Threat name: Win32.Trojan.RedLineStealer
Status: Malicious
First seen: 2020-12-03 05:25:43 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
AgentTesla Payload
AgentTesla

Unpacked files

SHA256 hash: 5e05d90bcdb3ed152fbc447a2f30538affdb2e3c3f60fe4a548837123a423f45
MD5 hash: 5255cbe95f3798371938f310bdee3b0b
SHA1 hash: 4fffef86242a1eaba0732f61ec6e4ccd022518d3

SHA256 hash: 01a4d5b95ab3472d8d5193042c448efc086fe94dd20c1699bab528ecea588d76
MD5 hash: 1b168246b6a84706de98aee701817118
SHA1 hash: 0eefa318eb793419f629759b24b335323dfa29e5
Detections: win_redline_stealer_g0

SHA256 hash: 78116ff9fdc637839e7f0d4316dcccaadf7e1b09af8439e4cb15ab4887724327
MD5 hash: 832cfd693fedf3ccd6730db6292001d4
SHA1 hash: 38b02b9d5e45ca13e663a374ef708c79f7610a2a
Detections: win_redline_stealer_g0

SHA256 hash: 4343881c748f9f35f74e61bf6ac65e352beb6dfc14a86de7313190f702f2d0ec
MD5 hash: 5c8a5af6ff240bef465e418119b732d8
SHA1 hash: fd652958f3b9d758cc2bfe048903b14e5c1a8616

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RedLineStealer
Executable exe 5e05d90bcdb3ed152fbc447a2f30538affdb2e3c3f60fe4a548837123a423f45 (this sample)

Delivery method: Distributed via web download
