MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69d2b581f741bd5b54f9854172b78b93c7a661d89888adf463c83e6ebe216c7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 14

SHA256 hash: 69d2b581f741bd5b54f9854172b78b93c7a661d89888adf463c83e6ebe216c7f
SHA3-384 hash: 2b09093323f4889ce3460396563bf9cfcd1737fe0818b965c89cc349913da6db40471587433da93436e796e849b9a257
SHA1 hash: 4bce8ad92f3160155bdee17e04068bdea0594705
MD5 hash: 24d81523b3033dddc3bf6526d86f819d
humanhash: three-purple-monkey-lemon
File name: 24d81523b3033dddc3bf6526d86f819d
Signature: RedLineStealer
File size: 394'574 bytes
First seen: 2023-12-21 02:37:08 UTC
Last seen: 2023-12-21 04:15:49 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ec29083df1aec6a6221dd2d98de08acc (1 x LummaStealer, 1 x RedLineStealer)
ssdeep: 12288:5JMbnn6WTGU49SM66cS4jI5ZU6L322rZRU/EB1X7I:nMuWr49SM66cS4jIbU6nxPc
TLSH: T1BA849E362D634872CC6FB0B2F8ABC50E7B5FBA43465653F3150923219793A980DA794F
TrID: 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
      18.3% (.EXE) OS/2 Executable (generic) (2029/13)
      18.0% (.EXE) Generic Win/DOS Executable (2002/3)
      18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter: zbetcheckin
Tags: 32 exe RedLineStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 331
Origin country: FR

Vendor Threat Intelligence
Malware family: redline
ID: 1
File name: New Text Document mod.exe
Verdict: Malicious activity
Analysis date: 2023-12-21 04:06:28 UTC
Tags: opendir loader stealer redline hausbomber amadey botnet guloader trojan lokibot originbotnet agenttesla

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware

Behaviour
Searching for the window
Creating a window
Sending a custom TCP request

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: stealer
Result
Verdict: MALICIOUS

Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: RedLine
Detection: malicious
Classification: troj
Score: 92 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Threat name: Win32.Trojan.RedLine
Status: Malicious
First seen: 2023-12-18 19:15:39 UTC
File Type: PE (Exe)
AV detection: 20 of 23 (86.96%)
Threat level: 5/5
Verdict: malicious

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Unpacked files
SHA256 hash: 18fa381ac1af1a58084ef118da9b0bc01cd58c735c8d6594deb5795074f7b322
MD5 hash: 53aff681af5c810716e0250e9b48bb01
SHA1 hash: 31ad0a9308a7dbe85c2d4f03337558f3b85c9975
Detections: redline INDICATOR_EXE_Packed_ConfuserEx

SHA256 hash: 69d2b581f741bd5b54f9854172b78b93c7a661d89888adf463c83e6ebe216c7f
MD5 hash: 24d81523b3033dddc3bf6526d86f819d
SHA1 hash: 4bce8ad92f3160155bdee17e04068bdea0594705
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RedLineStealer
Executable exe 69d2b581f741bd5b54f9854172b78b93c7a661d89888adf463c83e6ebe216c7f (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2023-12-21 02:37:09 UTC

url: hxxps://zateghar.com/againn.exe