MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83f9b6d6a511c4cae8cb49a92fd18a6333067c50bc1ace0c00324c4af27887e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	83f9b6d6a511c4cae8cb49a92fd18a6333067c50bc1ace0c00324c4af27887e0
SHA3-384 hash:	95c9e36435bd31bc3acf870f8c6a97fe5f355fb8c992a5923273b644d8dd9e5d20cf75de8698ca585515feb033c887b0
SHA1 hash:	66c91aa0292e19e58c84fe0c99427eaedada1066
MD5 hash:	c86f9a7f943635607457e1b1ca90ce7f
humanhash:	nuts-steak-louisiana-tango
File name:	c86f9a7f943635607457e1b1ca90ce7f.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	324'096 bytes
First seen:	2021-04-02 18:02:34 UTC
Last seen:	2021-04-02 19:09:45 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d2d03b007a12b2c8300987fcf9d1912a (1 x RedLineStealer)
ssdeep	6144:P8h4AdWu2oKcjv9LdvO0EnTXHCEKMrV1n6Yv7G:a4bjIdvO0ETiEdrV1n6Yv7
Threatray	1'255 similar samples on MalwareBazaar
TLSH	2F64E001B0D4C873EA565A790925C2A58936FCB25F3556CB3B943FBD5F322D18A3A383
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

193

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

c86f9a7f943635607457e1b1ca90ce7f.exe

Verdict:

No threats detected

Analysis date:

2021-04-02 18:05:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e7c86263-07c7-4b9a-8946-fbdda4587f15

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/131821/

Detection(s):

SecuriteInfo.com.Trojan.Siggen13.382.9522.8898.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/43dc9a57-107e-4c70-a446-8e87ef49ad35

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.spyw.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/664162

Signature

Antivirus detection for URL or domain

Detected unpacking (overwrites its own PE header)

Found malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/83f9b6d6a511c4cae8cb49a92fd18a6333067c50bc1ace0c00324c4af27887e0/

Threat name:

Win32.Trojan.Glupteba

Status:

Malicious

First seen:

2021-04-02 18:03:13 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qp43nvvfchcmv2gljgus7umkmmzqm7cqxqnm4daagjgev4tyq7qa._file

Verdict:

malicious

RedLineStealer

0f32500a74e76831740141dfc69676b97a72f9f66da30dfa3aa8648b836373cf

RedLineStealer

168eada700bc85528f3405b7f4c72c9d565cc28d90e40b05d429c59a2625dd8c

RedLineStealer

5b39d7d6eae45df2f9e263a36b30a1ca32c4c5d80a923c0a2380098fb33d978f

RedLineStealer

948fb39f8d7058b029ea1b36937c544ccaefab83d03fe6e7f609289c1f46dba8

RedLineStealer

c252253deb8ce68d6c44f555d2ce707f7581dc7267f5d6a892a626469691ef9f

RedLineStealer

c490ae5b2f9c6a0f3b030c837c57c8c2068f320a2c64e1abfdaa94cbb8ba3333

RedLineStealer

c673a3b3d0b40ed2cbbf38346a2a2a68d40ea4b94ab5ecf41f3a965a1a48ab6b

RedLineStealer

c8e651bcfb9e5b6085fe4058ebba2b015c71a04aee4d5158102c6554d346b9d9

RedLineStealer

e2a3a134421c597d262a080f13c3bed0d7c8c605d8c6472bc8fc490e742ce44d

RedLineStealer

+ 1'245 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:3424565 infostealer

Link:

https://tria.ge/reports/210402-lftjwtppjx/

Behaviour

Suspicious use of AdjustPrivilegeToken

RedLine

RedLine Payload

Malware Config

C2 Extraction:

lordliness.store:40355
razorless-shaving.store:40355
fugicarfc8.store:40355

Unpacked files

SH256 hash:

1eb3872054f372434b179355e42bc7538eb0b0b085713fded10278030a0427f9

MD5 hash:

78a535422e2f6ee38d23303739633df4

SHA1 hash:

a79eb74129aaa63ca4175bad850510667e876255

Link:

https://www.unpac.me/results/ffa021e3-c88e-46a2-bd0a-c48558ab9b70/

SH256 hash:

bb2a4bfac1be5895eea6fb0ca45e67062d72a9ce769b30baacd5856b6a111630

MD5 hash:

71705e85f8748ca46e31537e62e19037

SHA1 hash:

4f2b3ee4cf0809016c4a9f6958ec752067d838cd

Link:

https://www.unpac.me/results/ffa021e3-c88e-46a2-bd0a-c48558ab9b70/

SH256 hash:

aee30f6be99da18f96404bae8684bb9f3cbe490e73bd30d5f407151653c41848

MD5 hash:

c61ed3bf3203c28408a6b58a338b0b07

SHA1 hash:

1eafb1e9511440ba36ba0f05d3fe0f076805fd75

Link:

https://www.unpac.me/results/ffa021e3-c88e-46a2-bd0a-c48558ab9b70/

SH256 hash:

83f9b6d6a511c4cae8cb49a92fd18a6333067c50bc1ace0c00324c4af27887e0

MD5 hash:

c86f9a7f943635607457e1b1ca90ce7f

SHA1 hash:

66c91aa0292e19e58c84fe0c99427eaedada1066

Link:

https://www.unpac.me/results/ffa021e3-c88e-46a2-bd0a-c48558ab9b70/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Emotet

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/83f9b6d6a511c4cae8cb49a92fd18a6333067c50bc1ace0c00324c4af27887e0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.