MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b
SHA3-384 hash:	45ce00accdb0d8b7f3b8f743699a3a3c79536d49a209f6f9ab5a674d8f60e626f7429a85b0d19dbd845b946fc2b1ea37
SHA1 hash:	20a54e4ac19b79f8bb9fd49584b42cb56a9e949e
MD5 hash:	42464d83d6f8b2ce1a88cf6c7c721c09
humanhash:	monkey-salami-purple-five
File name:	42464d83d6f8b2ce1a88cf6c7c721c09
Download:	download sample
Signature	RedLineStealer Alert Create hunting rule
File size:	529'280 bytes
First seen:	2023-12-21 02:37:16 UTC
Last seen:	2023-12-21 04:15:51 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	12062d8b6887d7a0da34142af6a26a3d (4 x RedLineStealer)
ssdeep	12288:HdKgCUUXiSLZQ88Xd6CWyc5obe6WzCSi3PR2CKNI8+aAcI/OMF:HdKg3ciT7Xd6CWyc5otSi352C2I8+aA5
Threatray	362 similar samples on MalwareBazaar
TLSH	T12BB4AE96734184FDECE72F3145A0AA70DE7CF7291BC942ABD7280ABABD1035051B5B93
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	zbetcheckin
Tags:	32 exe RedLineStealer

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

331

Origin country :

FR

Vendor Threat Intelligence

ANY.RUN smoke

Malware family:

smoke

Alert

Create hunting rule

ID:

1

File name:

b609ff3043cce55de06305281a780fac.exe

Verdict:

Malicious activity

Analysis date:

2023-12-20 04:52:08 UTC

Tags:

loader smoke smokeloader stealer redline

Link:

https://app.any.run/tasks/10580183-5670-467f-a83d-dff57f5bfc38

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/468699/

ClamAV Detected

Detection(s):

YARA.telnet_cgi.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Creating a window

Sending a custom TCP request

Unauthorized injection to a system process

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

control lolbin overlay packed rat stealer

Link:

https://www.filescan.io/uploads/6583a50c7d4bdb7f8bf93ad4/reports/cba564f4-4339-4378-8634-04fcd25a9808/overview

Hybrid Analysis Zusy.Generic

Verdict:

Malicious

Labled as:

Zusy.Generic

Link:

https://www.hybrid-analysis.com/sample/7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer RedLine Stealer

Malware family:

RedLine Stealer

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2c9e2ff5-3cc8-46b9-82a4-44debfd1b986

Joe Sandbox RedLine

Result

Threat name:

RedLine

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1365380

Signature

Allocates memory in foreign processes

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Contains functionality to inject threads in other processes

Found malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Writes to foreign memory regions

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b

CERT.PL MWDB redlinestealer

Detection:

redlinestealer

Alert

Create hunting rule

Link:

https://mwdb.cert.pl/sample/7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b/

ReversingLabs TitaniumCloud Win32.Trojan.Smokeloader

Threat name:

Win32.Trojan.Smokeloader

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-20 10:51:54 UTC

File Type:

PE (Exe)

AV detection:

21 of 23 (91.30%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ppykmldfbz7yib7kjagsp45bmkigjrwahw3lk6heiln2p2rvjefq._file

Threatray malicious

Verdict:

malicious

Similar samples:

02e42569523c6a7ffa95f5a770d9a441f5c7a70ffbd6691a6fa9629db1656afa

RedLineStealer

056f237a66ae57093fb7b664ee676e67df888143ca9c7664d0ca3eccdbb70ea0

RedLineStealer

45f05aabab4f0b75565e7049204b658ad0d9e87e7c1dd818244dbe15e59083b3

RedLineStealer

77d0e697edfe2dfa3fbff5f5245f57bb56469c46761a9b9dff34b6599e11f68a

RedLineStealer

7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b

RedLineStealer

7f03e5acd3ea1df09896ec7f366dac623153f2085be36d7b50251411c03e87b5

RedLineStealer

d2a91bcf09bf0e0cf35213e66652457a40aff63d856ad49370612637a8847420

RedLineStealer

e193ea57d97c43c55d35817e1678a1f51d5f07f1895a4b8ad4ca7a1fab274d6b

RedLineStealer

+ 352 additional samples on MalwareBazaar

Hatching Triage redline

Result

Malware family:

redline

Alert

Create hunting rule

Score:

  10/10

Tags:

family:redline infostealer

Link:

https://tria.ge/reports/231221-c4p9psfden/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

RedLine

RedLine payload

Malware Config

C2 Extraction:

194.26.192.132:12343

UnpacMe redline

Unpacked files

SH256 hash:

2a487a0f714d2094180d33659f2af0e0a50ba99ddc9236bd967973a33a94344a

MD5 hash:

8e5d744dd05dae5667dc8439fb471516

SHA1 hash:

ccea3844a7a3a25258916aaa0f5555c3f2dafb24

Detections:

redline

Alert

Create hunting rule

Link:

https://www.unpac.me/results/ea091e83-9b0f-44fd-8550-48396e8916b8/

SH256 hash:

7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b

MD5 hash:

42464d83d6f8b2ce1a88cf6c7c721c09

SHA1 hash:

20a54e4ac19b79f8bb9fd49584b42cb56a9e949e

Link:

https://www.unpac.me/results/ea091e83-9b0f-44fd-8550-48396e8916b8/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

exe 7bf0a62c650e7f8407ea480d27f3a1629064c6c03db6b578e442dba7ea35490b

(this sample)

  

Delivery method

Distributed via web download

  

URLhaus

https://urlhaus.abuse.ch/url/2742868/

Cape

https://www.capesandbox.com/analysis/468699/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-21 02:37:17 UTC

url : hxxps://zateghar.com/crypted.exe