MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cec1b640f03ea4a093bf2eb41a817f34ab550cfdfe47a11a1814031188e5828. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	8cec1b640f03ea4a093bf2eb41a817f34ab550cfdfe47a11a1814031188e5828
SHA3-384 hash:	7d69961d47f6b37fb4965ac293f83dd6ec5674e459aaa73a685145201e4cb196e90648026e2d8e9efd72e01326390442
SHA1 hash:	143bc59444da83df50d73890d5776a9babd5282e
MD5 hash:	90e5325da53fd562a4ba0c7d9090d577
humanhash:	princess-chicken-december-quiet
File name:	file
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	2'675'052 bytes
First seen:	2022-10-14 12:00:28 UTC
Last seen:	2022-10-14 13:10:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	fbe0effa0c3d2e7d17405f2bdd84a4a4 (6 x RedLineStealer, 1 x RecordBreaker, 1 x RaccoonStealer)
ssdeep	49152:ANegdDvdYHVvYFHkPeoV7qK6TXF1I7Ql32:ANegdDvO1nekN6TXFON
Threatray	778 similar samples on MalwareBazaar
TLSH	T12CC52C135A8B0D75DDD27BB461CB633EA734ED30CA3A9B7BBA08C43959532C46C1A742
TrID	33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 21.3% (.EXE) Win64 Executable (generic) (10523/12/4) 13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 10.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	andretavare5
Tags:	exe RedLineStealer

andretavare5

Sample downloaded from https://vk.com/doc120747115_650524538?hash=G0YFrfNHMHWeufb8zsbpDEzZNRA5WlJ4GyXIqzEAmbP&dl=GEZDANZUG4YTCNI:1665748542:VtVQ6gGepz7sQKpERqzi5tOtlz85uMlKlDKfQxtrx2P&api=1&no_preview=1#t

Intelligence

File Origin

# of uploads :

# of downloads :

239

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/320349/

Detection(s):

SecuriteInfo.com.Win32.TrojanX-gen.26261.30597.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Launching a process

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/43121/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug anti-vm overlay packed spyeye

Link:

https://www.filescan.io/uploads/63494f7e7f72336a8d625284/reports/1d5d79cf-3b77-415d-9c40-7fc0f8272ed9/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

RedLine stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/dc8c1b75-775d-4f3d-9459-4d89c930631e

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1090694

Signature

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

Malicious sample detected (through community Yara rule)

Writes to foreign memory regions

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8cec1b640f03ea4a093bf2eb41a817f34ab550cfdfe47a11a1814031188e5828/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-10-14 12:01:12 UTC

File Type:

PE (Exe)

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rtwbwzapapveucj36lvudkax6nflkugp37shuenbqfadcgeolaua._file

Verdict:

malicious

RedLineStealer

3bcb688020ab998320195b4acec37e146c2366fdaeefa86319278b3b57f4b58c

RedLineStealer

5367a9a3d01c9f3b3bcce04e72c84a050b4fb09a79b1a917eee1c48825f76308

RedLineStealer

8befc91b605e2dd3ee8917f6e4b2ab943ec7900d257b704955c2defc0328b4d8

RedLineStealer

8f4ccb41b24de4d077f55f9f33455424bafa4f7546bc4f55efb77c94f9877170

RedLineStealer

94365d9e2381d5800339362f6bc43fce1136615dc0ac49dae00e094b51e9ff38

RedLineStealer

b3f2f31bff8ef9370d05c3b1f0ac28acd50870e35f20c96e8336585d8a3a97a4

RedLineStealer

+ 768 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline infostealer

Link:

https://tria.ge/reports/221014-n6v4hsddc5/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Uses the VBS compiler for execution

RedLine

RedLine payload

Malware Config

C2 Extraction:

185.148.39.219:4192

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/9baa8b1d-0dab-459a-9340-86b262b564de

Unpacked files

SH256 hash:

dc5091d8511286db246061d90ee35d10c5850d580aa41e146c1e7fe75de747ac

MD5 hash:

9766b880eade2f85be0fd9e0fa55bd1f

SHA1 hash:

d7480721061b72102081b619348efe4a9fd6ef49

Detections:

redline

Link:

https://www.unpac.me/results/986da5e2-959c-48f9-83b4-e9aff8be8c6e/

SH256 hash:

8cec1b640f03ea4a093bf2eb41a817f34ab550cfdfe47a11a1814031188e5828

MD5 hash:

90e5325da53fd562a4ba0c7d9090d577

SHA1 hash:

143bc59444da83df50d73890d5776a9babd5282e

Link:

https://www.unpac.me/results/986da5e2-959c-48f9-83b4-e9aff8be8c6e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8cec1b640f03ea4a093bf2eb41a817f34ab550cfdfe47a11a1814031188e5828

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by

PrivateLoader

Delivery method

Distributed via drive-by

Cape

https://www.capesandbox.com/analysis/320349/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample