MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cab8c469e6d189481f0f2787f7b550bae9a7efd3c79bb7e2d84b58f8731d28f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	8cab8c469e6d189481f0f2787f7b550bae9a7efd3c79bb7e2d84b58f8731d28f
SHA3-384 hash:	066bd39d7fbf844325ee37b73deb8bb96389814f0dad79054157305d8146fa330dd913159a0b74d462ca136317e587c9
SHA1 hash:	02895535548a6c84d1cf97a1d60df5ab79b3e867
MD5 hash:	d4dc50cec8d2adf7016def3a087d0967
humanhash:	montana-october-earth-leopard
File name:	d4dc50cec8d2adf7016def3a087d0967.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	468'480 bytes
First seen:	2023-08-02 17:50:35 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	94188224113cec6f774a38879ab75dff (1 x Stealc, 1 x RedLineStealer)
ssdeep	6144:YFa71pQ4+Q3Ni0aOKzEl5ZOzphtkG12UQPUbGkm58PH7:YUm4BdvaOnF0ztrfFb8OH
Threatray	2'506 similar samples on MalwareBazaar
TLSH	T11BA4C01265A0E432E5274A714D2BC6E43A1EFD639F2557FB22043F2FBDB13E18662712
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	70d0ddc4d2d0d2dd (1 x RedLineStealer)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

297

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

d4dc50cec8d2adf7016def3a087d0967.exe

Verdict:

No threats detected

Analysis date:

2023-08-02 17:52:17 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0f4d71dd-ff9d-4439-ae01-f06c5f97e96f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/439908/

Detection(s):

SecuriteInfo.com.Win32.DropperX-gen.21625.13410.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/64ca9789539838c2be51e8ae/reports/c2da8fad-d41c-455b-b34e-897efa40782d/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/8cab8c469e6d189481f0f2787f7b550bae9a7efd3c79bb7e2d84b58f8731d28f

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/486403e6-6894-43af-b34c-d93a4b74c060

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/1284628

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8cab8c469e6d189481f0f2787f7b550bae9a7efd3c79bb7e2d84b58f8731d28f/

Threat name:

Win32.Spyware.RedLine

Status:

Malicious

First seen:

2023-08-02 11:20:31 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

27 of 38 (71.05%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rsvyyru6numjjapq6j4h662vboxju7x5hr43w7rnqs2y7bzr2khq._file

Verdict:

malicious

RedLineStealer

1c47603c095d30407222513fe1349e29393b1dccf07db80e99435c90734d8752

RedLineStealer

422bb8e1eda6699de64f37d75816ae1102d44262465f38f5817c63a6c2eab9cc

RedLineStealer

49c778c9ed27cedf53650fd6c8e10c9418b0ae8dc973f8a22b9fab35a6918a7c

RedLineStealer

6f015d2ecc877fdc3d3afec3e0172b3d1c01f5a0a723c7c66780bb2ce6ef5290

RedLineStealer

992f526d307b41f221d7a7942e769095150236302e9825ba57323094767e70aa

RedLineStealer

9d314f7bb979238d429d772e28d7a679fd4391db5d3581666a7f4207061be785

RedLineStealer

ee2b8e861b9b55428d9e877f09be20ec266a089df2fcd3db55514095e061373c

RedLineStealer

+ 2'496 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230802-we5smsgc89/

Behaviour

Program crash

Unpacked files

SH256 hash:

63e373767385a901740fe3be34de8dbb5e94c8689827d4441e27225d15971205

MD5 hash:

4105655ff9317cf1ece4ae535f63e7c8

SHA1 hash:

c2cf79f608a8b4fa89d775fcdc5f36ebe9dd1e91

Link:

https://www.unpac.me/results/9d9344ba-e943-4fb9-ba49-4d07fe7eaa6a/

SH256 hash:

8cab8c469e6d189481f0f2787f7b550bae9a7efd3c79bb7e2d84b58f8731d28f

MD5 hash:

d4dc50cec8d2adf7016def3a087d0967

SHA1 hash:

02895535548a6c84d1cf97a1d60df5ab79b3e867

Link:

https://www.unpac.me/results/9d9344ba-e943-4fb9-ba49-4d07fe7eaa6a/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8cab8c469e6d/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8cab8c469e6d189481f0f2787f7b550bae9a7efd3c79bb7e2d84b58f8731d28f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

exe 8cab8c469e6d189481f0f2787f7b550bae9a7efd3c79bb7e2d84b58f8731d28f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2694787/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/439908/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample