MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 679992075a6091645499fbb2164d8537b3973a73f9f72019d8cc4fe6e4a1eb97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 15

Intelligence 15 IOCs YARA File information Comments

SHA256 hash:	679992075a6091645499fbb2164d8537b3973a73f9f72019d8cc4fe6e4a1eb97
SHA3-384 hash:	a539a9bb1bda7dbbefff929aab5572a6bf8ab618076328bd4fb7d7483f913951d7b79842aad6b6bb168131db8db66dfa
SHA1 hash:	177a9b2093355281ae89fe62ffc58dc5e0961d01
MD5 hash:	15414b57adcee133749861b2e9eece99
humanhash:	one-july-harry-mars
File name:	15414b57adcee133749861b2e9eece99.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	387'072 bytes
First seen:	2022-04-12 12:43:26 UTC
Last seen:	2022-04-12 14:00:03 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	da226befdbef45462493cbd252b0858f (4 x RedLineStealer, 1 x DanaBot, 1 x CryptBot)
ssdeep	6144:cUlOqWAohUrYc4cT21fUChf9JJUwJ2Yfb1iOeJyKz96viuESN:jlrUUrx4cTi/hf9A3eb1IoK5uz
Threatray	4'471 similar samples on MalwareBazaar
TLSH	T1D484CF10BA90D034F5F752F44ABA83A8B92E7EE19B3451CB62D56AEE17345E4EC30317
File icon (PE):
dhash icon	8cda8ceeaa8edc94 (1 x RedLineStealer)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

316

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

redline

ID:

File name:

15414b57adcee133749861b2e9eece99.exe

Verdict:

Malicious activity

Analysis date:

2022-04-13 03:28:00 UTC

Tags:

redline

Link:

https://app.any.run/tasks/08812a87-4ebc-49b1-af74-cef252f2625d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/263076/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader44.49841.29229.21940.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/13603/overview

Behaviour

MalwareBazaar

SystemUptime

MeasuringTime

CheckCmdLine

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed ransomware smokeloader

Link:

https://www.filescan.io/uploads/625573f3ffe27d5119b58916/reports/f81eed8b-aff2-4619-97dd-5f71fe2fc9be/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f39b46e7-7b07-4ecc-b191-01aeba992e6c

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/975525

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/679992075a6091645499fbb2164d8537b3973a73f9f72019d8cc4fe6e4a1eb97/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-04-12 05:02:51 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 26 (84.62%)

Threat level:

5/5

Verdict:

malicious

RedLineStealer

284c3a7c666370376bce07b6c38ca16d4cff1f7008f5ac025e71b962d26482e9

RedLineStealer

68058955215cc890b90cdefc3fb88129a2b6b4f49a0adb5b1e3b31d72dc2c97c

RedLineStealer

7c221c6a44529cf6cb7ee65d706be2ec9fd4d1fe9bde5840b622e417908fd0bf

RedLineStealer

b30f1d14f3e24fbf48dc494613711e1b9f12a41c6e2c723947c3e3854d39a1c0

RedLineStealer

+ 4'461 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:50 infostealer

Link:

https://tria.ge/reports/220412-pyhc5abdeq/

Behaviour

Suspicious use of AdjustPrivilegeToken

RedLine

RedLine Payload

Malware Config

C2 Extraction:

193.106.191.132:41177

Unpacked files

SH256 hash:

6805247888d22ea88f0506dfc0d4a39c85d19674101f2659ac0c479877faec0b

MD5 hash:

c8b3cdfcd6336de5e3f854c79b097b6e

SHA1 hash:

84337a8e4a2fa007752c761cd28f1311e169717c

Link:

https://www.unpac.me/results/dba373bc-2694-47e9-9933-020c853d18f8/

SH256 hash:

5ff6c585ba1ca791690c47b9d2164f8f4a0b1e1be4dd5ea7949b4088ad1ed31a

MD5 hash:

94df550b09ea3888d3c97cd7ca6b68c7

SHA1 hash:

82b44b60aca618dc953112ecdd205904d1df7fb9

Link:

https://www.unpac.me/results/dba373bc-2694-47e9-9933-020c853d18f8/

SH256 hash:

c73178410f201f31f3bb808381158ebb7b1caf9fbe1bffb2b92b66de7e2bc36b

MD5 hash:

ea541f60b23e9b9a2a54cfd3e96848f3

SHA1 hash:

48c57a65dff2a94280595065076bbc105ea5abd7

Link:

https://www.unpac.me/results/dba373bc-2694-47e9-9933-020c853d18f8/

SH256 hash:

679992075a6091645499fbb2164d8537b3973a73f9f72019d8cc4fe6e4a1eb97

MD5 hash:

15414b57adcee133749861b2e9eece99

SHA1 hash:

177a9b2093355281ae89fe62ffc58dc5e0961d01

Link:

https://www.unpac.me/results/dba373bc-2694-47e9-9933-020c853d18f8/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/679992075a60/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/679992075a6091645499fbb2164d8537b3973a73f9f72019d8cc4fe6e4a1eb97

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

exe 679992075a6091645499fbb2164d8537b3973a73f9f72019d8cc4fe6e4a1eb97

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2140384/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/263076/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample