MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 12


Intelligence 12 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018
SHA3-384 hash: b6381c124049e766d288565bff15c53c414be4ade699bb1057bb75e0cbb33e456dbb5da56c814d4c8315ff20e924c34a
SHA1 hash: 1d586aaa8603d6fb26617950b1c0878710e548de
MD5 hash: d942626640bd34a96b1887f24feeecf7
humanhash: solar-hamper-echo-ack
File name:d942626640bd34a96b1887f24feeecf7
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:252'928 bytes
First seen:2021-08-19 19:46:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d14e6f286b56e073587d660c9cc6ef7f (7 x RedLineStealer, 3 x Amadey, 1 x 1xxbot)
ssdeep 3072:YjpHUCWz751iuPJv0+ZTCUb1TzMUIxapGa38Are8gecmQqEEOuARg9joKKT0yB3M:gCC651iwlMFiGajgex9pO89j2
Threatray 5'050 similar samples on MalwareBazaar
TLSH T19434E0317990C4B3C0533571C8A5FBA06E7AFD421BA6B9473A88273F1F713915A2E35A
dhash icon 1072c092b0381902 (9 x RedLineStealer, 9 x RaccoonStealer, 4 x CryptBot)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
g.exe
Verdict:
Malicious activity
Analysis date:
2021-08-19 09:59:21 UTC
Tags:
loader trojan opendir stealer evasion rat redline raccoon
Link:
https://app.any.run/tasks/130c8c64-0717-4594-af84-153059a6da1f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/180784/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.21805.UNOFFICIAL
Create hunting rule

Win.Packed.Generic-9886938-0
Create hunting rule

Win.Packed.Generic-9887018-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Connection attempt to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b2a16b41-a9d8-4aea-adaf-5060f135851e
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/836022
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018/
Threat name:
Win32.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2021-08-19 01:03:54 UTC
AV detection:
25 of 27 (92.59%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pomie4mbhrccp5ql4hvve777puzhamelh2gxkbtd24acryee4ama._file
Verdict:
malicious
Similar samples:
27fb768ba20cf770d9bdc62e1403196784c903333235e0293b398df7647119f6
RedLineStealer
57df320d3530fe17721f6c50db2451e1791c2eba9634f4d07a7907f87ae0df95
RedLineStealer
5cce9b6a71a53d6d8f9cb245ee9153618ed3c41b6cf3a9319e6d484c9110fc64
RedLineStealer
6156d87e3545fa3109614d9a5195f186519658c6a351b21494ce72dfc5013082
RedLineStealer
a02e5e7cdf6be1972e1e08c12ca126431046f638a5cbe00d5bbd8cdb1bf68480
RedLineStealer
b55704fa2fb3db346332e5cfa37a04628a2ac747184e4104c929704eb4b5b2b4
RedLineStealer
b87200fd33230fb9a0c284b030ca1c07f5b63c379531de918c7da6288281c5e3
RedLineStealer
cd62e4fee322712a02787bcc881712ee41b99f8e8de3e425d90399bf5bf5fe75
RedLineStealer
e3a15791e70635e9247b56955c1677cde1307b814619ae6e4e8f07d3c9e75890
RedLineStealer
+ 5'040 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:mix19.08 infostealer
Link:
https://tria.ge/reports/210819-vsr8qg87ca/
Behaviour
Suspicious use of AdjustPrivilegeToken
RedLine
RedLine Payload
Malware Config
C2 Extraction:
185.215.113.15:61506
Unpacked files
SH256 hash:
31e61fb3b7649a54dc8aca98985edca351d2d38c426b34f8eface50558e7296b
MD5 hash:
167ea2ec1433491fed93561dc86abd6e
SHA1 hash:
c49ea6d802f3e4421bd74a373b331658943190b0
Link:
https://www.unpac.me/results/7889b13f-23f9-411f-9a7d-f85eba007521/
SH256 hash:
182b7f6cb45295fe007cedd1fef7feb8a73e90e6b6d2c3ce87aaf3031df17de3
MD5 hash:
ce9a101e59e1cf72901d03c559ed0232
SHA1 hash:
8f07c2823b7107e7a3366c8249a2b844ab387ccb
Link:
https://www.unpac.me/results/7889b13f-23f9-411f-9a7d-f85eba007521/
SH256 hash:
a451b6f80e6f133186f0530081fd12ee11f2e10f55415f4ac92b36f408d1b030
MD5 hash:
08fd86c0b242c5fad65b35b9b41a7554
SHA1 hash:
35085f48c77d34057e5e1bb5e8e7c1b0d46247f2
Link:
https://www.unpac.me/results/7889b13f-23f9-411f-9a7d-f85eba007521/
SH256 hash:
7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018
MD5 hash:
d942626640bd34a96b1887f24feeecf7
SHA1 hash:
1d586aaa8603d6fb26617950b1c0878710e548de
Link:
https://www.unpac.me/results/7889b13f-23f9-411f-9a7d-f85eba007521/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 7b988271813c4427f60be1eb527fff7d3270308b3e8d750663d70028e084e018

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1547136/
Cape
Cape
https://www.capesandbox.com/analysis/180784/

Comments


Avatar
zbet commented on 2021-08-19 19:46:32 UTC

url : hxxp://hypercustom.top/jollion/apines1.exe