MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 9

Intelligence 9 IOCs YARA 4 File information Comments

SHA256 hash:	800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce
SHA3-384 hash:	8f11aea1bac6b7abbe2851f0172a4eb3c991814829c3599614066d3f81aeed5ec2fc5d1cbdd158c39c4e9da41badad2b
SHA1 hash:	02a05ae5ff6ce5702a648e58763888c382dfe849
MD5 hash:	4aa9798ac88cd4c133b54bb2b224bead
humanhash:	purple-tennessee-seven-zebra
File name:	4aa9798ac88cd4c133b54bb2b224bead.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	230'640 bytes
First seen:	2021-10-07 19:48:59 UTC
Last seen:	2021-11-03 10:36:54 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep	3072:OIf0S3VwBvG9amMq6n+3AmDONQzdn/MEfdJYeLBJdsHi7+24vLnN5f0xnJvIfyWP:x8S88/ME1JYeLBTqk+7N5f0zEy0J
Threatray	73 similar samples on MalwareBazaar
TLSH	T10E344A1C2B989E20F33C067AC4E14104F7F19A96604BE74B6DD038E97E52BD6E61B6C7
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

289

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

4aa9798ac88cd4c133b54bb2b224bead.exe

Verdict:

Suspicious activity

Analysis date:

2021-10-07 19:51:36 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e0e2ba8e-64d4-4f20-a9e4-77bd5892575c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/195955/

Detection(s):

SecuriteInfo.com.Suspicious.Win32.Save.a.27588.15881.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Connection attempt

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

hacktool obfuscated overlay packed stealer

Link:

https://www.filescan.io/uploads/615f4f31e3d213d202ba5526/reports/dfaea9b3-bb4f-4aa8-b325-e2babe05a9f1/overview

Malware family:

RedLine stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/7b75998a-b0ba-4de6-bed4-582abbc6fc54

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/866685

Signature

.NET source code contains potential unpacker

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce/

Threat name:

ByteCode-MSIL.Trojan.Sabsik

Status:

Malicious

First seen:

2021-10-07 18:53:01 UTC

AV detection:

13 of 28 (46.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qabunyctciyobtpbhwww4z4v7pzjr7ojlsluqh3mfdckcbbse7ha._file

Verdict:

unknown

RedLineStealer

1abadd3fb21dbf1da2254539c73517d2af43ef9bdc3c67de66466fb961cb3fe6

RedLineStealer

1b18ce7b513855676ef76c17fcf6b6d492f20e197fae1090e722b43f7f5ff2df

RedLineStealer

5e04fd1dbb733087f3ef4de2d2778d0696f6228cb2e07f586c999dd39d960f16

RedLineStealer

70b67fb490756a02895239611d044a18ad4e719712611745fe5fd19c716e4e95

RedLineStealer

8c2d2276dd1b98ad4c3958d466f8cf650d499f06c7ed2ef8ef9e026b457d3402

RedLineStealer

9ba8dc8c46b2589bf035f4d4ab04e1e87b2abd8ace34166c28e64cba4919c270

RedLineStealer

a433e37681474497ad96a280d9578620c8875d1f99445ca976a84bf3bda3e008

RedLineStealer

df506f05d7e9b177966b890bafeb63f3b6636013838c889e7264e53a1d0d6063

RedLineStealer

f880f1bdad4b6022e1ec7de81fdd9276f023dee04c56068698e88db70038886a

RedLineStealer

+ 63 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline

Link:

https://tria.ge/reports/211007-yjnq2adahr/

Unpacked files

SH256 hash:

800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce

MD5 hash:

4aa9798ac88cd4c133b54bb2b224bead

SHA1 hash:

02a05ae5ff6ce5702a648e58763888c382dfe849

Link:

https://www.unpac.me/results/78fbc06b-42fd-48a1-a7f2-2b4c843dca14/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	MALWARE_Win_RedLine Create hunting rule
Author:	ditekSHen
Description:	Detects RedLine infostealer

Rule name:	pe_imphash Create hunting rule

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

exe 800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1660051/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/195955/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample