MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6066ada4d9d96be88422f5a2b1fffa410901f9af4308528cbc00145225575e21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 16


Intelligence 16 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6066ada4d9d96be88422f5a2b1fffa410901f9af4308528cbc00145225575e21
SHA3-384 hash: b8faf8c95c3369041dd08002a3e106351ff8d59d593b2800bb384f95da163bf1e61961b6bec5ee46a823d5221a696071
SHA1 hash: e8591bbc6b09c0f344b7c85141f5cc69a95c21a5
MD5 hash: 81df5c60780873d34e488655e3838c4d
humanhash: mirror-alpha-snake-winter
File name:81df5c60780873d34e488655e3838c4d
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:387'072 bytes
First seen:2022-05-24 05:58:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c16dd46cbc11e53607645ca176b26b3e (7 x RedLineStealer, 1 x AveMariaRAT)
ssdeep 6144:ovq5khBx29y8c12kThBMPg6z/Ye+v3PQUwB/7Cb9PhYMdqR:ocAx29pMnT4Pg68p34L5KWMd
Threatray 4'879 similar samples on MalwareBazaar
TLSH T19084BE00BA90C1F5F5F751F4497DA369BA2EBEB15B2441CB62D426EE16386E0EC3035B
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 9824e7d0c6e72158 (4 x RedLineStealer, 3 x Smoke Loader, 2 x Stop)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
301
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
81df5c60780873d34e488655e3838c4d
Verdict:
Malicious activity
Analysis date:
2022-05-24 06:07:28 UTC
Tags:
redline
Link:
https://app.any.run/tasks/a90f8e3c-4cb2-405a-8e07-00cb9f7b7afe

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/273953/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/19785/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/628c73edefe9af159cbbf307/reports/8258a992-f3b2-4bbe-811e-e346fd6f00c6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6b017089-9ff0-4c48-acc2-0041d9645091
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1000384
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6066ada4d9d96be88422f5a2b1fffa410901f9af4308528cbc00145225575e21/
Threat name:
Win32.Trojan.VidarCrypt
Create hunting rule
Status:
Malicious
First seen:
2022-05-24 05:59:06 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mbtk3jgz3fv6rbbc6wrld772ieeqd6npimeffdf4aakfejkxlyqq._file
Verdict:
malicious
Similar samples:
1015e4e0a14c39d6a0471e62b945d16825870dddee1f653e567945d26854ffad
RedLineStealer
2d3a60652ef2eec8c8e7266ea38b1a1cbc3685315647bd3bddf6232444991c80
RedLineStealer
61908494916ed56bcbcdf4db45499ac7f46f7a8d3e06fb4a7ef5cfadd3741bae
RedLineStealer
623e9c16293efd3006be3eb766b5cea0bec4b775c59f7653232bf96fa8c9b004
RedLineStealer
ab28b2a7c38a0218ba63ef35ded5de9ca0514855469dbb430a083f5bcfd86b7a
RedLineStealer
bf68d399e2f7f4103d1eeba804afef71535a60d54e4b69a56330b115d18462df
RedLineStealer
f7491341509fe582a63437f0f92c3c66a6f4c98c20ff8e6574e1ecf844d4fa19
RedLineStealer
+ 4'869 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:lyla2 infostealer
Link:
https://tria.ge/reports/220524-gn6c7sffa4/
Behaviour
Suspicious use of AdjustPrivilegeToken
RedLine
Malware Config
C2 Extraction:
185.215.113.201:21921
Unpacked files
SH256 hash:
9af23fa714b3a3011ff70f4b630cb1f538eab75de42e911fb6c5483757438e72
MD5 hash:
ef52cb6eba55c7ff5424efd7deb3916e
SHA1 hash:
dd5adf710f3de184823ddbe9568eb6c35324ed59
Link:
https://www.unpac.me/results/df0cc449-f751-4074-b59b-defb887b46c2/
SH256 hash:
31adbd2b407561e73053b29f8f7f3f0d9a67d1f9cd191e82941edc8eb9293cea
MD5 hash:
57169524b59850e5e902a000a50a0ae9
SHA1 hash:
a01242bbb8b80c1981d372dadb29bca6d7190871
Link:
https://www.unpac.me/results/df0cc449-f751-4074-b59b-defb887b46c2/
SH256 hash:
e5c0b3a94437fac397ff0592da8f17d26ff6661f77998cfc704898b5c5310ea9
MD5 hash:
6bf03e71a9b0b7d86021340f9c8ceebc
SHA1 hash:
01c52aef94e5c9d2062615379dee703a4f114536
Link:
https://www.unpac.me/results/df0cc449-f751-4074-b59b-defb887b46c2/
SH256 hash:
6066ada4d9d96be88422f5a2b1fffa410901f9af4308528cbc00145225575e21
MD5 hash:
81df5c60780873d34e488655e3838c4d
SHA1 hash:
e8591bbc6b09c0f344b7c85141f5cc69a95c21a5
Link:
https://www.unpac.me/results/df0cc449-f751-4074-b59b-defb887b46c2/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6066ada4d9d9/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6066ada4d9d96be88422f5a2b1fffa410901f9af4308528cbc00145225575e21

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 6066ada4d9d96be88422f5a2b1fffa410901f9af4308528cbc00145225575e21

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2208921/
Cape
Cape
https://www.capesandbox.com/analysis/273953/

Comments


Avatar
zbet commented on 2022-05-24 05:58:05 UTC

url : hxxp://tumanjo.com/6/data64_4.exe