MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6af78646c93d5ecbc4474e69575e4ff8d89574c88e64b3493cb4c6f1350a7c65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 6



SHA256 hash: 6af78646c93d5ecbc4474e69575e4ff8d89574c88e64b3493cb4c6f1350a7c65
SHA3-384 hash: bacbe095ce57de76a217f77ab5e492a74feced50591f450049f7808b072bff1cdc9a55bab5372c690e978ba74c30d964
SHA1 hash: 9acddd52621bab8ae29a2b6a96e65c6bbbc284be
MD5 hash: 4efc88818818ca493823e7efa29bc043
humanhash: eighteen-bravo-triple-network
File name: 37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009.zip
Signature: RedLineStealer
File size: 91'556 bytes
First seen: 2023-01-12 08:46:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: infected
ssdeep 1536:aodB7dH26SgVO+EeU9ObPl3vQqcUax7EpigcdT2kq4HIP3iU1VkwErJzeuCBWS7R:aozZ27gwveU9GxwUQwp7UT2TaTQlYVx2
TLSH T15B9312B78AE3DB08C64D842E6B788EAA5F16135E607C793FAA1E77734C533211B11871
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: prim4th
Tags: dll RedLineStealer zip


prim4th
This DLL is a payload extracted from the original sample 6e1c4a1708e8e2ee40e95fb5fde40aed9ede85f5c04021b4b293ae44ef976dac

Intelligence


File Origin
# of uploads: 1
# of downloads: 184
Origin country: UZ
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009
File size: 261'120 bytes
SHA256 hash: 37629be22408d93d6d9d3e74318a642fd961c58f67424e850b9d428ad5441009
MD5 hash: 0b1e774bc868e9bf46d5803de5e5b275
MIME type: application/x-dosexec
Signature: RedLineStealer
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed stealer

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Malware family: redline
Score: 10/10
Tags: family:redline
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

zip 6af78646c93d5ecbc4474e69575e4ff8d89574c88e64b3493cb4c6f1350a7c65

(this sample)
