MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 734d84a8d02283d3da721d5118b2b1c512f4b3a526e93cff8f798ea3ad31cc9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 12

Intelligence 12 IOCs YARA 1 File information Comments

SHA256 hash:	734d84a8d02283d3da721d5118b2b1c512f4b3a526e93cff8f798ea3ad31cc9c
SHA3-384 hash:	fb3dc707e4fd15a00ed8e14020c76e1d7ae01746d8ee255c97a000e5ddde50d60b8293f14fab46cec0e1bc24eecd5669
SHA1 hash:	e7198411a47aff4ddf8db8b03a9758c0d7b9bcf3
MD5 hash:	5e4bd7c6f638b2be91efb1fad6d623b8
humanhash:	pizza-edward-yankee-blossom
File name:	5e4bd7c6f638b2be91efb1fad6d623b8.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	346'112 bytes
First seen:	2021-10-02 15:59:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2acca7007d519418a75fa59166363dda (6 x RaccoonStealer, 5 x RedLineStealer, 2 x ArkeiStealer)
ssdeep	6144:LvAIxGgqxg5gOh70h7J60kWPBPrG6e79G/9Me8qD7hzG8Ys:LYafqxg5T70h8EPBPrRr9Me8oFG89
Threatray	2'613 similar samples on MalwareBazaar
TLSH	T1C674BF30B7E0C034F4B652B545B593B8AD397EB1A72451CB62D43AEE96342E4EC30B97
File icon (PE):
dhash icon	e0e8e8e8aa66a489 (8 x RaccoonStealer, 6 x RedLineStealer, 2 x Tofsee)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

165

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

5e4bd7c6f638b2be91efb1fad6d623b8.exe

Verdict:

Suspicious activity

Analysis date:

2021-10-02 16:05:11 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a55e9c32-6075-4d9a-9305-00459d834d42

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/194225/

Detection(s):

SecuriteInfo.com.Variant.Fragtor.27383.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/145d2fbe-c912-4c9b-9a5e-d822ff3405aa

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/863229

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/734d84a8d02283d3da721d5118b2b1c512f4b3a526e93cff8f798ea3ad31cc9c/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2021-10-02 09:37:31 UTC

AV detection:

24 of 45 (53.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ongyjkgqekb5hwtsdvirrmvryujpjm5fe3utz74ppghkhljrzsoa._file

Verdict:

malicious

RedLineStealer

1ddd374b5dab71ded0cd75106c706994ceaebc0070033c58c48fe7005ba3ab5d

RedLineStealer

321d63317ced77342c3941d1eaeb6afda9399d15fe0716db550ebc2c793d4bb2

RedLineStealer

4db1b043b67049d92f8e96c2db44daebaf453d9ee832eacdc6c9401cf77b5c36

RedLineStealer

6c37269f0433c2184fd46355e7e2cab1c4cb397d285d3653ab9aa30ebacb30b0

RedLineStealer

74532d7202c2f8b32fc1b20221f5e918a6e97b37d8b542e5e288f0418bb542f8

RedLineStealer

b674d31e8600243e337e7d84294a35e1288b5d65806d4262c26e01a2b131ffee

RedLineStealer

d4bcfc7eac31ab3310de4fe8feb66dc6e1d9555493722b50c6fab5d03c4f290d

RedLineStealer

e478d033378ced618b0953a4a51cf1992d8839b2be0ec0f3300d66484ad1c043

RedLineStealer

fab15b7f61f816cf3128cc02c96d98d3385533087bc5afe3cd3799e7e034ce7f

RedLineStealer

+ 2'603 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:uts infostealer

Link:

https://tria.ge/reports/211002-tfnveaedg6/

Behaviour

RedLine

RedLine Payload

Malware Config

C2 Extraction:

45.9.20.20:13441

Unpacked files

SH256 hash:

0af5150a5c8f9a5f2678baf604a172626ed229efb82df96d7c358b27eb035b95

MD5 hash:

45b9ad483e9f5647e8f37dc8824d3831

SHA1 hash:

fe09a099996b14eea72674be9a9a6c5963cf7cb8

Link:

https://www.unpac.me/results/c65b4155-90ee-4861-bff1-0742bd5d0b94/

SH256 hash:

2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19

MD5 hash:

f0f9a9448f7a0494d9bf6e11694bfce0

SHA1 hash:

e3d5c8af3b294813b562fead751cc5c2f5c8a51c

Link:

https://www.unpac.me/results/c65b4155-90ee-4861-bff1-0742bd5d0b94/

SH256 hash:

9fd5a295d9c662d120e8d2688ac4b645c3f4390299e4649b8bf76172f6a66425

MD5 hash:

07e9d4478cddb490f89b0edb4842ab0e

SHA1 hash:

48ea47adc76e29fbb23f8c82c7d1b4761f3216fa

Link:

https://www.unpac.me/results/c65b4155-90ee-4861-bff1-0742bd5d0b94/

SH256 hash:

734d84a8d02283d3da721d5118b2b1c512f4b3a526e93cff8f798ea3ad31cc9c

MD5 hash:

5e4bd7c6f638b2be91efb1fad6d623b8

SHA1 hash:

e7198411a47aff4ddf8db8b03a9758c0d7b9bcf3

Link:

https://www.unpac.me/results/c65b4155-90ee-4861-bff1-0742bd5d0b94/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/734d84a8d022/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/734d84a8d02283d3da721d5118b2b1c512f4b3a526e93cff8f798ea3ad31cc9c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.