MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73b847df999248b0ade77878c380cf1f6e56a583a40645351558931b9c989e77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73b847df999248b0ade77878c380cf1f6e56a583a40645351558931b9c989e77
SHA3-384 hash: fdc6b3917f1541714584561dc29c00ceedd2495930073b60fe6e99ef1126b8f3d04e6c26aaad319eb8761921ee76463d
SHA1 hash: aa8de7e74f55ec776b3df16e375635d0a6da82ff
MD5 hash: b7b3f433288a00412d12e70f339d8a00
humanhash: nuts-tango-social-cola
File name:b7b3f433288a00412d12e70f339d8a00
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:574'464 bytes
First seen:2022-03-08 17:25:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 445554923421947cbff896012e27345a (301 x RedLineStealer, 11 x RaccoonStealer, 5 x CoinMiner)
ssdeep 12288:XP2v0cEKWVRxv3midsQS03ULaHNqrxlKIQNooXmJmzg9Bm7I:XP2M/vLdskEaHNYK3wzUc
TLSH T1CEC423CF62C3B626C28F80B87C21AD5FDB5D4D69A5F085CBC695CD0F3898491E5B90AC
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/248393/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Creating a file
Sending a TCP request to an infection source
Stealing user critical data
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62279ab90cd58dbd926882db/reports/e5b0b34a-3f7e-4abf-b93b-601e3c9b5cea/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8c9fea74-680a-4055-b134-21b4f8c20927
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/952918
Signature
Allocates memory in foreign processes
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
PE file has nameless sections
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/73b847df999248b0ade77878c380cf1f6e56a583a40645351558931b9c989e77/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2022-03-08 17:19:41 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oo4epx4zsjelblphpb4mhagpd5xfnjmduqdeknivlcjrxheytz3q._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220308-vzvmqshfe4/
Behaviour
Program crash
Unpacked files
SH256 hash:
31745108cc7861cfd36b5474e2917a72d8503dcb4abd13d84196c0b924fc4599
MD5 hash:
ae398e776d98a124be7982442266ffc3
SHA1 hash:
7be95cccbaa752fb9c1709d724112feac9c90cdb
Link:
https://www.unpac.me/results/ba33cb7c-c9af-4c6d-8560-67546977dd5f/
SH256 hash:
0f89c9f65b449c1d611e091a4006a434c1e8db4433b5ea164afa8f6040a5d619
MD5 hash:
0ce5f772b4c4113eafbda16999ae9ad6
SHA1 hash:
0e8fab8d45149d56e8388fdb32e1a33b81a721ca
Link:
https://www.unpac.me/results/ba33cb7c-c9af-4c6d-8560-67546977dd5f/
SH256 hash:
73b847df999248b0ade77878c380cf1f6e56a583a40645351558931b9c989e77
MD5 hash:
b7b3f433288a00412d12e70f339d8a00
SHA1 hash:
aa8de7e74f55ec776b3df16e375635d0a6da82ff
Link:
https://www.unpac.me/results/ba33cb7c-c9af-4c6d-8560-67546977dd5f/
Malware family:
RedLine.D
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/73b847df9992/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Redline
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/73b847df999248b0ade77878c380cf1f6e56a583a40645351558931b9c989e77

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 73b847df999248b0ade77878c380cf1f6e56a583a40645351558931b9c989e77

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2084506/
Cape
Cape
https://www.capesandbox.com/analysis/248393/

Comments


Avatar
zbet commented on 2022-03-08 17:25:23 UTC

url : hxxps://eth-take22.me/navalny.exe