MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a9bbd2c7fb2cefcf17338a91b8a346057485f16e180cecead70730b136bb13e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 13



SHA256 hash: 8a9bbd2c7fb2cefcf17338a91b8a346057485f16e180cecead70730b136bb13e
SHA3-384 hash: 4280da89b05ac890721e8653407669e83d321e155f3435aaa66377444ee7d9ebaccee2b0cd77e90ca125cccd59dd3992
SHA1 hash: 66278f6652a14642e24c3677086a5f7e6dc7ddfc
MD5 hash: 7314effaa983e2bd6619130538811f6b
humanhash: magazine-summer-earth-gee
File name: 7314effaa983e2bd6619130538811f6b.exe
Signature: RedLineStealer
File size: 581'072 bytes
First seen: 2022-01-31 04:06:33 UTC
Last seen: 2022-01-31 06:17:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 4c7820280afd9c70dd91638ca7691a50 (1 x RedLineStealer)
ssdeep 12288:YYqa4IZ1fYJ94UZzr/tdSIy9wCUpe4H3akRL7jqEFNsHEaJJNcp1UwP+:Y5a4iAz4O/nMlUAPG/JFNskCUawP+
Threatray 2'300 similar samples on MalwareBazaar
TLSH T173C412191B199EE6E54AFB3CE023368D433ADC0C8D3FD3D567973E366AB5AB59120002
dhash icon 32694d6969696922 (1 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 191
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 7314effaa983e2bd6619130538811f6b.exe
Verdict: Malicious activity
Analysis date: 2022-01-31 04:17:13 UTC
Tags: trojan rat redline

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Creating synchronization primitives
DNS request
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Reading critical registry keys
Creating a file
Stealing user critical data

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Strictor
Status: Malicious
First seen: 2022-01-29 09:51:33 UTC
File Type: PE (Exe)
Extracted files: 19
AV detection: 30 of 43 (69.77%)
Threat level: 5/5
Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:160 discovery infostealer spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Malware Config
C2 Extraction: 95.216.112.164:17929
Unpacked files

SHA256 hash: 9f8e579e3790a0dfb368558eb4a2940c6781cb95fe04b155c19582dddab7a604
MD5 hash: 38387555d41500842b89bbb6effe116b
SHA1 hash: ea05865cd1494f9f8f0b2cd8ef75af592a26f3e6

SHA256 hash: 41c5a57b8d8a60f510913b2940d3aaa096c54a870e59133096bfc759fc583146
MD5 hash: 3059b1e75662e74edaef4eb996182b75
SHA1 hash: 4de9b56a0f54a164c1a972be502409047a138a83

SHA256 hash: 8a9bbd2c7fb2cefcf17338a91b8a346057485f16e180cecead70730b136bb13e (the submitted file itself)
MD5 hash: 7314effaa983e2bd6619130538811f6b
SHA1 hash: 66278f6652a14642e24c3677086a5f7e6dc7ddfc
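The indicators in this entry (the SHA256 values of the submitted and unpacked files, the imphash, and the extracted C2 socket 95.216.112.164:17929) turned into a local check, as an added example that is not MalwareBazaar's code nor anything taken from the sample. The hashes and the C2 socket are copied from the entry; the Zeek conn.log-style column order, the Sysmon-style "Hashes=" field layout, the log lines and the file bytes are all constructed for the demonstration. The C2 match compares the full (IP, port) tuple so that a neighbouring address such as 95.216.112.16 is not flagged, and the entry's own caveats are reflected in the result: a C2 host seen on another port, or an imphash match without a SHA256 match, comes back as a weaker hit rather than a confirmed one.

```python
"""Local check built from the IOCs in this MalwareBazaar entry.

Added example, not code from MalwareBazaar or from the sample. The hashes,
imphash and C2 socket are copied from the entry; every log line and the file
bytes used below are constructed for the demonstration.
"""
import hashlib
import re

# SHA256 of the submitted file plus the two unpacked files listed in the entry.
SHA256_IOCS = {
    "8a9bbd2c7fb2cefcf17338a91b8a346057485f16e180cecead70730b136bb13e",
    "9f8e579e3790a0dfb368558eb4a2940c6781cb95fe04b155c19582dddab7a604",
    "41c5a57b8d8a60f510913b2940d3aaa096c54a870e59133096bfc759fc583146",
}
# imphash is shared by any binary with the same import table; treat it as a weaker signal.
IMPHASH_IOCS = {"4c7820280afd9c70dd91638ca7691a50"}
# C2 socket reported under "Malware Config".
C2_SOCKETS = {("95.216.112.164", 17929)}
C2_HOSTS = {ip for ip, _ in C2_SOCKETS}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_download(data: bytes, expected_sha256: str) -> bool:
    """Confirm a downloaded sample is the file this entry describes before analysing it."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.strip().lower()


# Assumed Zeek conn.log column order: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<uid>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)"
)

# Constructed connection records.
SAMPLE_CONN_LOG = [
    "1643602633.120 CHhAvVGS1DHFjwGM9 10.0.0.23 49711 95.216.112.164 17929 tcp",  # exact C2 socket
    "1643602634.004 C4J4Th3PJpwUYZZ6gc 10.0.0.23 49712 95.216.112.16 17929 tcp",   # other host, same port
    "1643602635.771 CtPZjS20MLrsMUOJi2 10.0.0.24 51002 95.216.112.164 443 tcp",    # C2 host, other port
]


def c2_hits(lines) -> list:
    """Match connections against the C2; tuple comparison avoids prefix false positives."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in C2_SOCKETS:
            hits.append({"uid": m["uid"], "src": m["src"], "match": "c2_socket"})
        elif dst in C2_HOSTS:
            hits.append({"uid": m["uid"], "src": m["src"], "match": "c2_host"})
    return hits


# Assumed Sysmon Event ID 1 style "Hashes=" field; Sysmon writes the hex in upper case,
# the entry lists it in lower case, so both sides are normalised before comparison.
HASHES_RE = re.compile(r"(?P<algo>SHA256|IMPHASH)=(?P<hex>[0-9A-Fa-f]+)")
IMAGE_RE = re.compile(r"Image=(?P<image>\S+)")

# Constructed process-creation events.
SAMPLE_SYSMON_LOG = [
    r"Image=C:\Users\bob\Downloads\7314effaa983e2bd6619130538811f6b.exe "
    r"Hashes=SHA1=66278F6652A14642E24C3677086A5F7E6DC7DDFC,MD5=7314EFFAA983E2BD6619130538811F6B,"
    r"SHA256=8A9BBD2C7FB2CEFCF17338A91B8A346057485F16E180CECEAD70730B136BB13E,"
    r"IMPHASH=4C7820280AFD9C70DD91638CA7691A50",
    r"Image=C:\Windows\System32\notepad.exe "
    r"Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000,"
    r"IMPHASH=4C7820280AFD9C70DD91638CA7691A50",
]


def hash_hits(lines) -> list:
    """Flag events whose SHA256 matches the entry; an imphash-only match is reported separately."""
    hits = []
    for line in lines:
        image = IMAGE_RE.search(line)
        found = {m["algo"]: m["hex"].lower() for m in HASHES_RE.finditer(line)}
        if found.get("SHA256") in SHA256_IOCS:
            match = "sha256"
        elif found.get("IMPHASH") in IMPHASH_IOCS:
            match = "imphash_only"
        else:
            continue
        hits.append({"image": image["image"] if image else None, "match": match})
    return hits


if __name__ == "__main__":
    print(c2_hits(SAMPLE_CONN_LOG))
    print(hash_hits(SAMPLE_SYSMON_LOG))
```

Running the block prints two C2 hits (one exact socket, one host-only on port 443) and two file hits (the submitted sample by SHA256, and a second binary that only shares the imphash). Before triaging a real download, feed its bytes to verify_download with the SHA256 from the top of this entry; if the digest does not match, you are not looking at the file the vendor results describe.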
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments