MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ac8bb213bf104bcca23ebeb4c44acea64ddb334f655b956f318e809fd533974. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RedLineStealer
Vendor detections: 9



SHA256 hash: 6ac8bb213bf104bcca23ebeb4c44acea64ddb334f655b956f318e809fd533974
SHA3-384 hash: db7e6329f67950a1fec96d6cec2533ad0e5718613bf6070e1d8380c6013590329bf29970e5bf9fb3cb4e7f3435ff4379
SHA1 hash: ef2bc218cb6d87137f61622fd19bfead084d962e
MD5 hash: 98cab24317014d3cd4181cc642bd3add
humanhash: florida-oregon-king-utah
File name: 98cab24317014d3cd4181cc642bd3add.exe
Signature: RedLineStealer
File size: 707'072 bytes
First seen: 2021-10-10 11:52:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d65c67dd6f4a95898a66b39f504dd200 (4 x RedLineStealer, 1 x CryptBot, 1 x RaccoonStealer)
ssdeep: 12288:U9nMPXHy6o/qomTiOyoSU322RPizA/2Jsr1mHiCTg2ytsEpEqUfVAGVKWPCGLc8:UdMPXeqomOOzjClo2tEWqsATWP7
Threatray: 774 similar samples on MalwareBazaar
TLSH: T104E4E01077A0C030F6B626F44A7A9268E93E7DA16B2892DF52C12EDE57356E0FC31357
dhash icon: 9824e790c4e72158 (31 x RedLineStealer, 18 x Smoke Loader, 16 x ArkeiStealer)
Reporter: abuse_ch
Tags: exe RedLineStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 185
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 98cab24317014d3cd4181cc642bd3add.exe
Verdict: Malicious activity
Analysis date: 2021-10-10 12:02:29 UTC
Tags: evasion opendir
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: RedLineDropperAHK

Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Launching a process
Creating a file in the Windows subdirectories
Deleting a recently created file
Forced system process termination
Forced shutdown of a system process
Unauthorized injection to a system process

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-10-10 01:49:00 UTC
AV detection: 14 of 28 (50.00%)

Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: suricata

Behaviour
Checks processor information in registry
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
File: Executable exe 6ac8bb213bf104bcca23ebeb4c44acea64ddb334f655b956f318e809fd533974 (this sample)

Delivery method
Distributed via web download

Comments