MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83d6c0356008f91b0f7c742b05bb12a30f5da5289e14c49f3a6f0ffa8020bddf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83d6c0356008f91b0f7c742b05bb12a30f5da5289e14c49f3a6f0ffa8020bddf
SHA3-384 hash: f140a64aedd177e5b3d016750fe65732f031f993b280eae87437b5389f96a604e6328478360e23b2ff8d1d4bb92befa6
SHA1 hash: 6b5b6403475265eed348ba9a2b64f0e165e07679
MD5 hash: 296e65b035542c1b2f2deefa32a88924
humanhash: colorado-cat-autumn-illinois
File name:296e65b035542c1b2f2deefa32a88924.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:414'720 bytes
First seen:2021-10-25 07:49:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bac67046644aa5e445c1272184462c49 (9 x RedLineStealer, 2 x Smoke Loader, 1 x RaccoonStealer)
ssdeep 12288:8YLgCvLHzh9MuyJsstnrpXOee4jRXQ2axhh9Y:8lCvDnMo/l4j9Q2g
Threatray 2'715 similar samples on MalwareBazaar
TLSH T176949D00B6A1C039F5F326F449B99368A53E7AE11B1450CF53E52AEE97396E1EC3131B
File icon (PE):PE icon
dhash icon aad8ac9cc6a68ee0 (34 x RedLineStealer, 14 x RaccoonStealer, 11 x Smoke Loader)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
180
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/199828/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.4375.2141.18244.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Connection attempt to an infection source
Sending a TCP request to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6176a337db358dd15ed93276/reports/63955025-1132-407a-a6c8-f733786cc473/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bbef7d94-ed0f-4142-9a71-b0366074ee6a
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/876064
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/83d6c0356008f91b0f7c742b05bb12a30f5da5289e14c49f3a6f0ffa8020bddf/
Threat name:
Win32.Trojan.Krypter
Create hunting rule
Status:
Malicious
First seen:
2021-10-22 23:31:37 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qplmanlabd4rwd34oqvqloysumhv3jjitykmjhz2n4h7vabaxxpq._file
Verdict:
malicious
Similar samples:
016e8767850dc59e5d761b685e0c696819ebd40e5b55f6c42ce55a8095ab38f2
RedLineStealer
5bbf7c41579bac06169c81fafe92940dcf10b511d21cafa41e7ab809961305a3
RedLineStealer
64f9f7fccc993e73cf2ad970c822c53e4b6830687af349f8d791037ccd8b3a03
RedLineStealer
a56535178bb2c4e9fdaf4c5c6d26d58224b9bfac8b0c4be2b035b778e6ef6d9f
RedLineStealer
b8c3325bc497649787f113cee57f95a63ba7a06138fac32329f0b89814b848b7
RedLineStealer
b93c3342ed056d702f68cda57ccdd6ea92c34addac671f174e7070477cf4c156
RedLineStealer
ba60a173e1935175aaddd6a07759577fa82f0b47f2ae978e6d27f0185ec6e560
RedLineStealer
bd49a745c03761b578007d77f1c82379af8f4ae324bb41a558477935beab05d8
RedLineStealer
+ 2'705 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline discovery infostealer spyware stealer
Link:
https://tria.ge/reports/211025-jpac9sfgg5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Unpacked files
SH256 hash:
606c6c3073571c7567536cfb0a694858ed8108e4fa08ec296b1ec7646620b75e
MD5 hash:
6c81b50afcb024fa5d9cf32d6d01808c
SHA1 hash:
a33af25c2d7cebe665df424bb3cfa2ffcb7a255a
Link:
https://www.unpac.me/results/d53c4cb2-e8bd-43b4-97d5-6757fdee80e9/
SH256 hash:
e051efc39b844a644f40dc3ceb4311222a6657c59d9cd93c383db5bce5e439ba
MD5 hash:
c4d6fac733c156989dbcb18befbd24fa
SHA1 hash:
1d613ef7bed0ffd2fe8e34e4bd211da9e15faac2
Link:
https://www.unpac.me/results/d53c4cb2-e8bd-43b4-97d5-6757fdee80e9/
SH256 hash:
10cb1a0f2d5b3da7563aa9bc8947c3c32ab2b950b8112ede67756ce7d3093247
MD5 hash:
03f3201068d30ecceafe0663dde4750d
SHA1 hash:
1b894aa31ce1b4357e1fe190bc82493e30b5d3e0
Link:
https://www.unpac.me/results/d53c4cb2-e8bd-43b4-97d5-6757fdee80e9/
SH256 hash:
83d6c0356008f91b0f7c742b05bb12a30f5da5289e14c49f3a6f0ffa8020bddf
MD5 hash:
296e65b035542c1b2f2deefa32a88924
SHA1 hash:
6b5b6403475265eed348ba9a2b64f0e165e07679
Link:
https://www.unpac.me/results/d53c4cb2-e8bd-43b4-97d5-6757fdee80e9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/83d6c0356008f91b0f7c742b05bb12a30f5da5289e14c49f3a6f0ffa8020bddf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 83d6c0356008f91b0f7c742b05bb12a30f5da5289e14c49f3a6f0ffa8020bddf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1663298/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/199828/

Comments