MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 665b0cd8dfe3967ce59155497f7226118f0b840b2c9a8361bd1ae3630698f3a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 14

Intelligence 14 IOCs YARA 1 File information Comments

SHA256 hash:	665b0cd8dfe3967ce59155497f7226118f0b840b2c9a8361bd1ae3630698f3a4
SHA3-384 hash:	047fe4e6127f4247e7f23735bb27ee27bcedfbba6b3d03fb91ce8ac6891f9973ca30f72c6b93eddccf2a06b1b306fc5e
SHA1 hash:	16753ff058ed21066f3d839816e453289c6e3777
MD5 hash:	9f3607f7186cfac55fd5fe5dd62ebb60
humanhash:	enemy-gee-hotel-video
File name:	9f3607f7186cfac55fd5fe5dd62ebb60.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	368'640 bytes
First seen:	2021-10-14 18:22:36 UTC
Last seen:	2021-10-14 18:55:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	dcb2b1e8915e922e5e206fdc7346e3f1 (2 x RedLineStealer, 1 x ArkeiStealer)
ssdeep	6144:n0DPgKl7M+C/xJvsuuvpaqC8sY5eFAmUVx98aCYcW5S:0LgKFpGiflQ4H8ocW5S
Threatray	3'499 similar samples on MalwareBazaar
TLSH	T19274CF203264DAB1F45766308815F7A15E77BDA3D970D2C773E6FA1E6EB028086363D2
File icon (PE):
dhash icon	fcfcb4f4d4dcd8c0 (7 x RedLineStealer, 4 x RaccoonStealer, 3 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

337

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

9f3607f7186cfac55fd5fe5dd62ebb60.exe

Verdict:

Suspicious activity

Analysis date:

2021-10-14 19:25:21 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/817b71a0-b3f4-4ff3-a708-30fb65a5c97b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/197605/

Detection(s):

SecuriteInfo.com.Variant.Fragtor.30921.10165.25300.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8c3aed5c-4a95-4e59-b779-3551f09cfc2c

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/870705

Signature

Connects to many ports of the same IP (likely port scanning)

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

redlinestealer

Link:

https://mwdb.cert.pl/sample/665b0cd8dfe3967ce59155497f7226118f0b840b2c9a8361bd1ae3630698f3a4/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-10-14 18:23:07 UTC

AV detection:

18 of 41 (43.90%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=mznqzwg74olhzzmrkvex64rgcghqxbalfsnigyn5dlrwgbuy6osa._file

Verdict:

malicious

RedLineStealer

220cc23821dc51e1de7ee0e492cef0c0fe9b3785baf6fcee88f56fcbae576bed

RedLineStealer

319d10acfc388b91ab59503ab0d16ca888abaf05fa8e6ba4b1f7a34a61228b5f

RedLineStealer

93cab9c0bb921b19441630eaff516d547c8083dd1e2bd7b8b799ec282af5ef23

RedLineStealer

c406c0b632f53da9dda00cb1114c086c099ac059b37a64d6cad6b64e7e096300

RedLineStealer

d0dda5dfd52eedeb0c31cc69428a488f7af8f66e6c3a736ff88c6ea1c8ebed35

RedLineStealer

f59e70c1e2703fd8d6016bad2f6b4ebd7824b52eab2bf63a0fdc96f0a3d16011

RedLineStealer

f934020452d58f327c22060903f625f8b9b39429afad32dc05faf58f4e3f32f9

RedLineStealer

+ 3'489 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:usamoney infostealer

Link:

https://tria.ge/reports/211014-w1f2eaahcn/

Behaviour

RedLine

RedLine Payload

Malware Config

C2 Extraction:

45.142.215.47:27643

Unpacked files

SH256 hash:

94f190ffa964ad08448acc382f9513289fd26c58e888dd15137c5a65236a64e8

MD5 hash:

1f9661656c38437fe2718c67c2eb027e

SHA1 hash:

4cd0011e396e303eb2471b9c6dc45c141402490d

Link:

https://www.unpac.me/results/4a437c54-9154-426e-a9da-f19f3ab5cfe9/

SH256 hash:

b7a5d5529feac62517bc4a4ad2ed9fe11bc41f86278e1250cc39dc3e99cf9e1f

MD5 hash:

02cdfa8b1ac0e4765e3c3c21841e5741

SHA1 hash:

258018087d44e3211d55ebf454b693591831d67c

Link:

https://www.unpac.me/results/4a437c54-9154-426e-a9da-f19f3ab5cfe9/

SH256 hash:

e29f200555fedd39221dbde02ff2e276bf36f878c53530ee14da4a7f5c5d9b45

MD5 hash:

2f208b6fec7ac8eeffa63078a9a7af97

SHA1 hash:

064d100d7ddb6206a8bffdd893bfdfbd45e0af2b

Link:

https://www.unpac.me/results/4a437c54-9154-426e-a9da-f19f3ab5cfe9/

SH256 hash:

665b0cd8dfe3967ce59155497f7226118f0b840b2c9a8361bd1ae3630698f3a4

MD5 hash:

9f3607f7186cfac55fd5fe5dd62ebb60

SHA1 hash:

16753ff058ed21066f3d839816e453289c6e3777

Link:

https://www.unpac.me/results/4a437c54-9154-426e-a9da-f19f3ab5cfe9/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/665b0cd8dfe3/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/665b0cd8dfe3967ce59155497f7226118f0b840b2c9a8361bd1ae3630698f3a4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.