MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62853a90047c8b06a44cb0c0dc68847e02b058fba9842e609f382c5cba6f8bbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62853a90047c8b06a44cb0c0dc68847e02b058fba9842e609f382c5cba6f8bbb
SHA3-384 hash: 405c9e030e1cf37959712ba5f2cd0b2def18d3bfccfcdbd39ca81a8908c119dab1ad999ce0c2eb7e63b95024cdc30ee7
SHA1 hash: 5304d1fb751ca67aa90b0432f92e7ba58514bdaf
MD5 hash: a15a5ec43c1fc178f809a533b87e2c72
humanhash: red-summer-king-delta
File name:99242935.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'054'720 bytes
First seen:2023-05-21 18:45:15 UTC
Last seen:2023-05-21 18:55:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 24576:yyfZAyQIRIHqKrxp52d62BkC/g7dC8NlLA8H:ZhhQrHqKtp50XBkQg7g8DA
Threatray 3'209 similar samples on MalwareBazaar
TLSH T183252303BAD85063E8B567B054FA07C31736FCD28D78D22B224269D75D325A8F471B6B
TrID 70.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
11.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
5.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
3.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter Neiki
Tags:RedLineStealer

Intelligence

File Origin
# of uploads :
3
# of downloads :
64
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
99242935.exe
Verdict:
Malicious activity
Analysis date:
2023-05-21 18:53:28 UTC
Tags:
redline
Link:
https://app.any.run/tasks/e71244a2-7c31-433e-9c48-7a3192ebef7d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Sanesecurity.Malware.28840.BadO.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Agent.EAOQ.26295.2066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Launching a service
Creating a file
Blocking the Windows Defender launch
Disabling the operating system update service
Unauthorized injection to a recently created process
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/86938/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
advpack.dll anti-vm CAB greyware installer lolbin packed rundll32.exe setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/646a66ebe3846a4861dc42b4/reports/d8c059da-8de9-416c-b241-b6369df6742b/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/62853a90047c8b06a44cb0c0dc68847e02b058fba9842e609f382c5cba6f8bbb
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eddfd059-3109-429b-a1f8-abe13f4f94fa
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1238984
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/62853a90047c8b06a44cb0c0dc68847e02b058fba9842e609f382c5cba6f8bbb/
Threat name:
Win32.Trojan.RedLineStealer
Create hunting rule
Status:
Malicious
First seen:
2023-05-21 18:46:05 UTC
File Type:
PE (Exe)
Extracted files:
118
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mkctveaepsfqnjcmwdany2eepyblawh3vgcc4ye7hawfzotpro5q._file
Verdict:
malicious
Similar samples:
133982c977d3b579e903a9ca11159acc05cf60b4ce30ba56e2d0e79e2efd7a2f
RedLineStealer
1a6cb6a3ae4f0530a57855656c2d7a95fb89d222736aec9ba1471ef05d8ab82f
RedLineStealer
25622e93e61116c3f973342219321891473820af450bbdbae9377827695955d6
RedLineStealer
38630dd2d7a4fbcba87bd9dfc2d8e7fb70b559aa520879a50697ca0fe4c9bab5
RedLineStealer
50c2c9ec4c94886cac486cfae467e57c683eb450c48a57688ca6054c1b8d2d4f
RedLineStealer
6b39b939acf1f4aa5bebe7d32fd69de1389bdbfac2e15ee8c71e45ed4faebd8b
RedLineStealer
6df63c6f49144b0e0914f380133c52cd7a7b23bbcefa931c5d2d2b2c5c8524d2
RedLineStealer
cef8ed0baea5977ec92a708285e67dc86c84b18a6eac72e53674d5b9d85f97e6
RedLineStealer
f6156e781add70f932d821aa8ccb59363f9ac868148e0eeeb79c1d19540435de
RedLineStealer
f7f243c095defbebffaac067bd9c1f965e506dd54bc515721c854b37b52b72b3
RedLineStealer
+ 3'199 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:mixa evasion infostealer persistence trojan
Link:
https://tria.ge/reports/230521-xelv7sbg25/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Windows security modification
Modifies Windows Defender Real-time Protection settings
RedLine
Malware Config
C2 Extraction:
185.161.248.37:4138
Unpacked files
SH256 hash:
ae5963fae8b0fe6ebb5b82623c65880261284668d05eb631f7d233f715d8c12b
MD5 hash:
b3cccbc37edb6729def3d35002525728
SHA1 hash:
e0f4e53169292e32ffa3e6524c0c99fa5095a7a0
Link:
https://www.unpac.me/results/b96092b0-f3dc-4eff-8951-95e484ee8b95/
SH256 hash:
78aba28ee3dc7d5a365cd3843ab9a5457b225fe5d57beef5be154c71f3757a68
MD5 hash:
71663a1b857d126898900b9bc88fe08a
SHA1 hash:
9d8fd90e2180e30178340e85e6801f29b11cd348
Link:
https://www.unpac.me/results/b96092b0-f3dc-4eff-8951-95e484ee8b95/
SH256 hash:
fa12432a6947c634931bbb2c1c81cae4f822c481fca4711eb63389e41fa0a76d
MD5 hash:
1c16d22bfccdd60c41272aab6dba721f
SHA1 hash:
f7f52db283130639f1cfd3573e6b769467cce089
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/b96092b0-f3dc-4eff-8951-95e484ee8b95/
SH256 hash:
f9821b99b00b6e72466f719d5c99755f003c875d92e6d29052d52c4de829f395
MD5 hash:
ad33ba264f1fa4955d184b04b18af696
SHA1 hash:
7dced6e2231ffd5eca4489631aa8d62b7ed4fc84
Link:
https://www.unpac.me/results/b96092b0-f3dc-4eff-8951-95e484ee8b95/
SH256 hash:
2cc94c247c7223109c0d4949a75c1119911ea16282e90340bc1b53c5eb859bc2
MD5 hash:
e4669f26748c85edc6218aca883f515a
SHA1 hash:
608d6ecadda7248347ab72836ac982bcba0e52df
Link:
https://www.unpac.me/results/b96092b0-f3dc-4eff-8951-95e484ee8b95/
SH256 hash:
62853a90047c8b06a44cb0c0dc68847e02b058fba9842e609f382c5cba6f8bbb
MD5 hash:
a15a5ec43c1fc178f809a533b87e2c72
SHA1 hash:
5304d1fb751ca67aa90b0432f92e7ba58514bdaf
Link:
https://www.unpac.me/results/b96092b0-f3dc-4eff-8951-95e484ee8b95/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Redline
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/62853a90047c8b06a44cb0c0dc68847e02b058fba9842e609f382c5cba6f8bbb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 62853a90047c8b06a44cb0c0dc68847e02b058fba9842e609f382c5cba6f8bbb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2636841/
  
Delivery method
Distributed via web download

Comments