MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 619ed29c59b4f6a8ad37d7ae185713c12899726ed88fcc03524430669f4a3c6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 619ed29c59b4f6a8ad37d7ae185713c12899726ed88fcc03524430669f4a3c6c
SHA3-384 hash: 9008f1746114d925df93a69223f515e0539a75bf5b54df7efea4abae5427a0969d0c6eb8ea4e478ec160c62b1d533e31
SHA1 hash: 0f1b83fdef287f435c559797c98555d6369a846d
MD5 hash: 4d58c832c0e9ec29b6453c4d8f86a2d0
humanhash: alanine-low-double-sierra
File name:4d58c832c0e9ec29b6453c4d8f86a2d0.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:588'288 bytes
First seen:2020-06-28 06:35:01 UTC
Last seen:2020-06-28 07:43:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6756dd0f87bcf115174789822e1f49a5 (1 x RedLineStealer)
ssdeep 12288:n9fkHukJtbcSMWJAEc0lui540Fi5D19CHJuUY/B6u1ijsQ87S1u:n9aPJ5cbalj6/CoUewu1iADSk
Threatray 210 similar samples on MalwareBazaar
TLSH 23C412237571F03BC4F72131AB71D5E13A2E3831252915972B542B2E9DB0AE0EE7939E
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer payload URL:
http://greenpalace.top/brazi/testoviyjuki.exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/15128/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Sending an HTTP GET request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/619ed29c59b4f6a8ad37d7ae185713c12899726ed88fcc03524430669f4a3c6c/
Threat name:
Win32.Trojan.CryptInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-28 06:36:06 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mgpnfhczwt3krljx26xbqvytyeujs4to3ch4ya2siqygnh2khrwa._file
Verdict:
unknown
Similar samples:
01c399028ad16abaccdf9d4a200bc6146e06e20636c7111622d78d9393a2c7e1
RedLineStealer
0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d
RedLineStealer
110f27da9c8dc85e0c193a5d4bdade5019e4a1f9ffea49e9b3dc8eb069e2dbcc
RedLineStealer
358178b74d9ff1457dab5015e5d10aa18a3b95d50a5a821568886672dfde97f3
RedLineStealer
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
RedLineStealer
6c90f16a6932be921cbb44b9e4531cf36e5ded6d5dd0016c4309a56ab8a96461
RedLineStealer
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
RedLineStealer
92b8718fd64c7d13e9ea54a69ac7c1a52b57680d34c74d38c2b8ac1eb53f217c
RedLineStealer
ba244c534e6a0eedb496e840881c5401c3640fc317b601da17ca84570e1e181a
RedLineStealer
cb0d1f942e077021cc2fe8cfb688abd294398e407e9f5f851f35fddeb5e30bf9
RedLineStealer
+ 200 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
evasion spyware trojan
Link:
https://tria.ge/reports/200628-nc4v5slbtn/
Behaviour
Checks processor information in registry
Modifies system certificate store
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/401438/
Cape
Cape
https://www.capesandbox.com/analysis/15128/

Comments