MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fc76e4b14fc2f43e710a43ad79e168513b97a4dccee37af410405f9836faca8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8fc76e4b14fc2f43e710a43ad79e168513b97a4dccee37af410405f9836faca8
SHA3-384 hash: 43b0d2df13f00a9e476cbe0cac34d7aee4ad0d2b129e7346645da0b188dd9f65ef9a5290c47c9ce556f9df8311102bc8
SHA1 hash: 355967fc74b291ec99fb27a24f85e025f8503c7f
MD5 hash: 50211d573c8d9201df616fe5dae3ec2a
humanhash: utah-princess-coffee-fruit
File name:SecuriteInfo.com.Ransom.Stop.Z5.28605.28489
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:708'096 bytes
First seen:2021-10-10 02:40:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8999899787bd60b1911e458f2d25de40 (3 x RedLineStealer, 1 x CryptBot, 1 x ArkeiStealer)
ssdeep 12288:HRN6MwDdsS4MVuPUzYrHRUAKznjrch7OVQ+VDsFVk1MuoLKg:BwDdgkuPGDA0jOOVQisE1n
Threatray 772 similar samples on MalwareBazaar
TLSH T142E4F120B6A0E034F1B766F4597A9379A93E7EE16B2494CF17C116EE1A306D5EC3031B
File icon (PE):PE icon
dhash icon 9824e790c4e72158 (31 x RedLineStealer, 18 x Smoke Loader, 16 x ArkeiStealer)
Reporter SecuriteInfoCom
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Ransom.Stop.Z5.28605.28489
Verdict:
Malicious activity
Analysis date:
2021-10-10 02:42:54 UTC
Tags:
evasion opendir
Link:
https://app.any.run/tasks/175fceb7-f319-4a20-bc92-188ebd7df921

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/196350/
Detection(s):
SecuriteInfo.com.Ransom.Stop.Z5.28605.28489.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Launching a process
Creating a file in the Windows subdirectories
Deleting a recently created file
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/616252c01c2d58ba74fe6e71/reports/f03ea643-b805-40a0-b22b-45601f575544/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8fc76e4b14fc2f43e710a43ad79e168513b97a4dccee37af410405f9836faca8/
Threat name:
Win32.Ransomware.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-10-09 22:38:38 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r7dw4syu7qxuhzyquq5nphqwquj3s6snztxdpl2baqc7ta3pvsua._file
Verdict:
malicious
Similar samples:
10ec025e158cd3b34081f2c5ae72eac2beb12acb5833a01c6ac3d426cf0dee55
RedLineStealer
16075a1ae3ca487866a8c061682a953fa87c6ccb28dd32524bdb8cfdc6bf6559
RedLineStealer
372147979edf4928519b7cc09ae05ab8dc5bfc90f699b44befe966e0c4587107
RedLineStealer
41fc0071b14fa3a5990852af374922d234be8404ad0179e205d69b5e80613066
RedLineStealer
578cce001b43605e2afee0c3eae2ec5c7a7a9447b5ab12db9e102b39b3bc4488
RedLineStealer
62b9a227f035544237037d32dda4613226215ae67d18f344f5d1f7533ef726f4
RedLineStealer
6548d5a6f78cbf7d84dbadeca4a707305ba3fdce85f423a8e7199c3ab37dce70
RedLineStealer
bbc01794724376466ead908e7ffb86897788fa18361327418e8e4c98ed510164
RedLineStealer
+ 762 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/211010-c6e7hsfed7/
Behaviour
Checks processor information in registry
Enumerates physical storage devices
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8fc76e4b14fc2f43e710a43ad79e168513b97a4dccee37af410405f9836faca8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_AHK_Downloader
Create hunting rule
Author:ditekSHen
Description:Detects AutoHotKey binaries acting as second stage droppers
Rule name:MALWARE_Win_RedLineDropperAHK
Create hunting rule
Author:ditekSHen
Description:Detects AutoIt/AutoHotKey executables dropping RedLine infostealer

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 8fc76e4b14fc2f43e710a43ad79e168513b97a4dccee37af410405f9836faca8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1662341/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/196350/

Comments