MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92f38b474f16faa935aa1976979c81fbc9c296e584d86fd8b9c7c8751c1a968f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 7


Intelligence 7 IOCs 1 YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92f38b474f16faa935aa1976979c81fbc9c296e584d86fd8b9c7c8751c1a968f
SHA3-384 hash: 34afa76a46d6478f65019f04cb638858055a0226b63ddd2aa99a432849d4871bf83a9a4b6094c353e6276b5395f31c7e
SHA1 hash: 458dcfcead848128a9be1acb2bd529357fc7d80d
MD5 hash: 81d14fc7154127770f2f4ea6b4be254f
humanhash: oregon-maine-moon-tennis
File name:GLE_018943813PDF.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:741'888 bytes
First seen:2021-04-20 11:46:59 UTC
Last seen:2021-04-20 13:01:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:+i1N5VBKUR3lZ2X7/jZU9vL2gqUGSm5+L2AkeDzRRRRR0Z7Dd:+ij7BKm0jjK9agqUGh8L2A3RRRRRG9
Threatray 132 similar samples on MalwareBazaar
TLSH 4DF49DB967448854E72FA3B94632D25396626E2E5E89D20EFCE1BE3B3D31743021345F
Reporter abuse_ch
Tags:exe RedLineStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
45.15.143.209:28976 https://threatfox.abuse.ch/ioc/9264/

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/139572/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.667.399.5140.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92f38b474f16faa935aa1976979c81fbc9c296e584d86fd8b9c7c8751c1a968f/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=slzywr2pc35ksnnkdf3jpheb7pe4ffxfqtmg7wfzy7ehkha2s2hq._file
Verdict:
malicious
Similar samples:
12c9ee4c7c5172b82a032aedc3884f580f07e96b9b48c3c3e0fb9dfbbbdf79e0
RedLineStealer
2b1611385291864fe7aa42dbc429f94ec4e42570ec627609407fc9889623f426
RedLineStealer
67ad3d12a1b7bbca0e3f0d809156aaf250cde5ea7e626d32787670e6358a9b85
RedLineStealer
7d6bf00d1b0386114a7021a91332b12c8116a9c2d50272ef2f02f7b92a5289c8
RedLineStealer
89e61f4aa6bbd3fea013926a88b93065d928ba5be51343e8dd162356d922f2b1
RedLineStealer
ab4474efb2b20612fca1d558a1ffffb9a799b4651432b78fdfe5c9cb6f387cb9
RedLineStealer
ab973b31d4c8051aa1d10711842c9059e3fbb50e7e7cf41112936f9bb03c3725
RedLineStealer
b4dffd570ce4a8e028792618d6bb2522286bc13778c029ac4059d566c78baf8a
RedLineStealer
d431fcb3052e7867b0510ee6180e1287508bf0413e10427ebb6abdbfbb7dad6f
RedLineStealer
e1339c4548f73e4f250fed46d56bbce84491ca122aed7527731bb8d72df83e11
RedLineStealer
+ 122 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline discovery infostealer spyware stealer
Link:
https://tria.ge/reports/210420-bz64ea4nb6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Malware Config
C2 Extraction:
gabb957.duckdns.org:28976
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/92f38b474f16faa935aa1976979c81fbc9c296e584d86fd8b9c7c8751c1a968f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

Executable exe 92f38b474f16faa935aa1976979c81fbc9c296e584d86fd8b9c7c8751c1a968f

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/139572/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-04-20 12:40:54 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009.029] Anti-Behavioral Analysis::Instruction Testing