MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9795ac0408e03c367bf4b3a613b0849ca8bb687cf0b11615a5738f68441928a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9795ac0408e03c367bf4b3a613b0849ca8bb687cf0b11615a5738f68441928a4
SHA3-384 hash:	b11ce88a725d47bfedf92c91b4124c415c6543d5dfcef0b480aef56d3b7f649bea96af0b9716b2c8a62b6b6902a29ccb
SHA1 hash:	ada204a65457b42a9af6bd0792bcc0b049b3fa4a
MD5 hash:	fa2d534b279f817a1e99b799efb1c362
humanhash:	fix-carolina-finch-timing
File name:	Technical_task_for_twitter_work_sketches.zip
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	8'329'815 bytes
First seen:	2022-11-11 18:48:11 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
Note:	This file is a password protected archive. The password is: qasxedfv1234
ssdeep	196608:g7MIVsvINFoQoNk7pNdH8fl4sWCR86w8J93+29KVmXs:g7rNFKNk7pa4sy6v93iVm8
TLSH	T105863333D4E9EDB0F0EBD8C450563738849ADE8FDE365A0252AABC69C744351AECC953
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	iamdeadlyz
Tags:	file-pumped minjexpo pw qasxedfv1234 RedLineStealer scr zip

Iamdeadlyz

Social engineering attack done by malicious actor minjexpo@gmail.com (Twitter: @Minjin_exp | ID: 95167366)
RedLineStealer C&C: 77.73.134.13:3660

Intelligence

File Origin

# of uploads :

# of downloads :

130

Origin country :

n/a

File Archive Information

This file is a password protected archive. The password is: qasxedfv1234

This file archive contains 11 file(s), sorted by their relevance:

File name:	technical_task_for_twitter_work_example5.png
File size:	685'446 bytes
SHA256 hash:	8e6dca1318077d112300e0304ef035c07fabf09383a237132383aa96744fac11
MD5 hash:	46060fada10090e9bda9b81c8ee6b288
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example8.png
File size:	63'543 bytes
SHA256 hash:	8bbd51bfade5ebbf1986a2184b7a39869f57b8c944fea64d4b4914680540b4b9
MD5 hash:	dba03447c7f1fa07284e38e1a5cfbb65
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example7.png
File size:	54'233 bytes
SHA256 hash:	fc32fdbc3350ad1321e6ada4f314e87eff9a1e18c71a0b04dfb85ef5d35e953c
MD5 hash:	1c195158194fe73630280ce12b170a8a
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example10.png
File size:	9'018 bytes
SHA256 hash:	4de01e2db31fa16648ca6701ea1eb1d44a02a80c8285cd757d76ed8468f83224
MD5 hash:	c62a3e84a9cc554713690f4bd64482d5
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example9.png
File size:	71'015 bytes
SHA256 hash:	5d73720a1f208ed45487aa7e9f0b12030ede05f6caa1113e992225f14e251d21
MD5 hash:	91cc5e288fdec10c453eb0acb111c8b2
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example1.png
File size:	32'989 bytes
SHA256 hash:	72c2ca6f1ed46daf8fb9ee1c980957c3ffb114674f36679fd322f19040b1fdf2
MD5 hash:	06c29813ca8b1adf101bb51236ed56c1
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example4.png
File size:	38'695 bytes
SHA256 hash:	8c7ddcb7fec2aaade6c708e3ab0f8f2a5cbc5ab50b589e9fe54470b2f2d9d3ba
MD5 hash:	ec7304c2fa885784b5109c32bf267ffe
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example2.png
File size:	317'970 bytes
SHA256 hash:	e080770303fc5909e147a01e8af4b5e33ac008fde0d5b65e02094b599ccb46b2
MD5 hash:	80a5b55d4d12ca055cb104ebe68383e9
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example6.png
File size:	67'424 bytes
SHA256 hash:	6ad382b7b848ef7b5c6e38a89fec046320902276ea358b0b4b4f830343914dc6
MD5 hash:	62e46c9fa027957d5029d5778d6ca6d1
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example11.png
File size:	1'889'090 bytes
SHA256 hash:	c7685bae5bffafa0d1d21c639430eec2d98da4970cd9b7a27fec4e64cad0b181
MD5 hash:	1bc70d1ab0634c8b17104663899401d7
MIME type:	image/png
Signature	RedLineStealer

File name:	technical_task_for_twitter_work_example3.scr
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	792'128'512 bytes
SHA256 hash:	e6afcefadeefbd2a7439633d78ce121ba09d0e7b517f3c7df1c538d0e1af6e61
MD5 hash:	4cac6b110b8f89d5c89f990bba458732
De-pumped file size:	4'451'328 bytes (Vs. original size of 792'128'512 bytes)
De-pumped SHA256 hash:	5ebeb6f62bdcdd09c794670801e5cb7d3d26139945e0c9f0e43c246033117885
De-pumped MD5 hash:	4421aaafca4dabcda878db996027a082
MIME type:	application/x-dosexec
Signature	RedLineStealer

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.25534.ZipHeur.UNOFFICIAL

Gathering data

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/9795ac0408e03c367bf4b3a613b0849ca8bb687cf0b11615a5738f68441928a4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9795ac0408e03c367bf4b3a613b0849ca8bb687cf0b11615a5738f68441928a4/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2022-11-11 18:49:07 UTC

File Type:

Binary (Archive)

AV detection:

4 of 26 (15.38%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=s6k2ybai4a6dm67uwotbhmeetsulw2d46cyrmfnfoohwqrazfcsa._file

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline infostealer spyware

Link:

https://tria.ge/reports/221111-xn7t2ach41/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Accesses cryptocurrency files/wallets, possible credential harvesting

RedLine

RedLine payload

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

zip 9795ac0408e03c367bf4b3a613b0849ca8bb687cf0b11615a5738f68441928a4

(this sample)

e6afcefadeefbd2a7439633d78ce121ba09d0e7b517f3c7df1c538d0e1af6e61

Dropping

SHA256 e6afcefadeefbd2a7439633d78ce121ba09d0e7b517f3c7df1c538d0e1af6e61

Dropping

SHA256 5ebeb6f62bdcdd09c794670801e5cb7d3d26139945e0c9f0e43c246033117885

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2408628/

Dropping

MD5 4421aaafca4dabcda878db996027a082

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample