MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f479fb175685aa848118801d06cdf077c087265494d2c931b50ab2074ba7183. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 8



SHA256 hash: 8f479fb175685aa848118801d06cdf077c087265494d2c931b50ab2074ba7183
SHA3-384 hash: 72afef5fbee5b602e1949cfc2294699192b6fe5401817e5be9b067fac55a60232b10215c722587e79b1afb1b23af4ff3
SHA1 hash: c816aa814281c45d68c9006f78da6afdef9653ee
MD5 hash: fad03e5fbdfaf8a75ad54f912de9df47
humanhash: arkansas-purple-table-yankee
File name: fad03e5fbdfaf8a75ad54f912de9df47.exe
Signature: RedLineStealer
File size: 341'504 bytes
First seen: 2020-11-01 06:47:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e43d482ca1854dafed1fcd671905af9c (1 x RedLineStealer)
ssdeep: 3072:2Q31UcFRlpFu8vjTfq5NdgxR9yYiytZv2ZnLRXS2fLwzr7iyOSC5m72UftVaQEiV:Jfcgm/dg39P219SaLwnrOJ5lUfOlW
TLSH: B574D00175A0D032C09257315921F6B1623ABC36A6F49987BBD8FF2B2D221D1EB7635F
Reporter: abuse_ch
Tags: exe RedLineStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 124
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 80 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-10-30 21:03:28 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
AgentTesla Payload
AgentTesla
Unpacked files
SHA256 hash: 8f479fb175685aa848118801d06cdf077c087265494d2c931b50ab2074ba7183
MD5 hash: fad03e5fbdfaf8a75ad54f912de9df47
SHA1 hash: c816aa814281c45d68c9006f78da6afdef9653ee
SHA256 hash: 6b9dbb8dde0ac65181589240dcb9575a8738e07c79f0a133989b48b17d8bf180
MD5 hash: 44ee6ecadc22626e9fb327721ef6db99
SHA1 hash: 3864dfda3ad089a1fd4163be22378b0fb2c04605
Detections: win_redline_stealer_g0
SHA256 hash: 48b6b2a807618beb919b656dae5f610bf18548a0abd4d9e35671adea1ec344e6
MD5 hash: b4e7d04dc87794efef9b263ed15aff66
SHA1 hash: c912cc1d2fac9abc9f3b8062826ebb092d6e5389
Detections: win_redline_stealer_g0
SHA256 hash: c02efe9d41d700f94b9f70e114fac16e241524b2f832243f12646de2773cfc99
MD5 hash: ac9026c249f262f67997047be7c1c3bc
SHA1 hash: d53be5007271443c6829092c310dbcff1c888812
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
File type: Executable exe
SHA256 hash: 8f479fb175685aa848118801d06cdf077c087265494d2c931b50ab2074ba7183 (this sample)

Delivery method
Distributed via web download

Comments