MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7379bbd5a1cd0eb22a5dadc206074e2fc053692cd1e665cf569ddf9fa3b3fbcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer
Vendor detections: 5

SHA256 hash: 7379bbd5a1cd0eb22a5dadc206074e2fc053692cd1e665cf569ddf9fa3b3fbcc
SHA3-384 hash: 7059bbff878163cb7caa3a71f897867e49de65750e2af7832bedb3adca646ed656b309ece418ba3ed7d288a79b72d495
SHA1 hash: 61be942a4a1cc9db6fe9bada4ee4bddba5b70d90
MD5 hash: 7a7d89ac4d82aa7795f2b9f1a31e5af7
humanhash: purple-leopard-football-paris
File name: WhatsApp.zip
Signature: RedLineStealer
File size: 2'095'385 bytes
First seen: 2022-10-03 08:08:50 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:S8d0uPJoYYRUg0A+iV7iC5xRpwHotUFUAsGWV18wr+tNUtdkP74cvUv2R:S8OuXYR1R+iViyijyjVhWmtCPyv2R
TLSH: T19AA5F04689A21FA9CC5D017D94CF4F426669FB8A8812E76F0361F27F3FB7AF09824445
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: ankit_anubhav
Tags: FakeWhatsApp, file-pumped, RedLineStealer, zip

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                  ThreatFox Reference
38.91.100.57:32750   https://threatfox.abuse.ch/ioc/866131/

Intelligence

File Origin
# of uploads: 1
# of downloads: 227
Origin country: n/a

File Archive Information

This file archive contains 39 file(s), sorted by their relevance:

File name: WhatsApp.exe
Pumped file: this file is pumped; MalwareBazaar has de-pumped it.
File size: 734'003'200 bytes
SHA256 hash: 658b0fd44002ad353d0cf9cb604e9b8cfcad04a3d221c5133bcf6872bca73577
MD5 hash: eed6f462fa1726e08e0484b390ca06b0
De-pumped file size: 1'668'096 bytes (vs. original size of 734'003'200 bytes)
De-pumped SHA256 hash: 9baefe58d54446f6549a12d7641d76e5f6f443e85a9af5a2e4ba335353f18f5c
De-pumped MD5 hash: b519eb128e1ec9a3f0027152f9f4e63f
MIME type: application/x-dosexec
Signature: RedLineStealer
Vendor Threat Intelligence
Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2022-10-03 10:54:25 UTC
AV detection: 7 of 40 (17.50%)
Threat level: 5/5

Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:ws-30 discovery infostealer spyware stealer

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks computer location settings
Reads user/profile data of web browsers
RedLine
RedLine payload

Malware Config
C2 Extraction: 38.91.100.57:32750
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: RedLineStealer
File: zip 7379bbd5a1cd0eb22a5dadc206074e2fc053692cd1e665cf569ddf9fa3b3fbcc (this sample)
