MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98c8f17aa0cb9b73446909cdbdbb541c0c9c24e6210cda339dccaf7d3ce47593. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 11

Intelligence 11 IOCs YARA 1 File information Comments

SHA256 hash:	98c8f17aa0cb9b73446909cdbdbb541c0c9c24e6210cda339dccaf7d3ce47593
SHA3-384 hash:	26909955a74de135ef3023bf23587eb56de5b0960a9032cdd3fbcb968da70a8142c65fdf386cfcc20d7d68ca49280a2d
SHA1 hash:	93e4512778ada5fa4911a694f602203f77ea2f08
MD5 hash:	ade5a109d6798d5d563a5bfc978c211a
humanhash:	hamper-oregon-music-rugby
File name:	ade5a109d6798d5d563a5bfc978c211a.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	427'520 bytes
First seen:	2021-06-17 06:49:50 UTC
Last seen:	2021-06-17 07:44:38 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f15a946d6e0659432dc9b8c464554438 (5 x RedLineStealer, 3 x Smoke Loader, 1 x Glupteba)
ssdeep	12288:VJZEh1KMwp1L975pCzjA3F+1hdMtQVkwvtrGu0g0aiFu4wp1vo3LeG4W17KEouOM:eWUmetA7m
Threatray	2'675 similar samples on MalwareBazaar
TLSH	5794AE10A790C034F1F712F85AB593B8E92EBAB1A77850CF52D55AEE46786E0EC31347
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

140

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ade5a109d6798d5d563a5bfc978c211a.exe

Verdict:

Malicious activity

Analysis date:

2021-06-17 06:55:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/b2064de2-76e2-4ad4-b373-b0a0e33ce2bc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/166511/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Siggen3.123.22411.30330.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ce2ce0ad-e1df-404d-91e5-a032a3b65736

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/803534

Signature

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/98c8f17aa0cb9b73446909cdbdbb541c0c9c24e6210cda339dccaf7d3ce47593/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-06-16 14:33:19 UTC

AV detection:

18 of 29 (62.07%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=tdepc6vazonxgrdjbhg33o2udqgjyjhgeegnum45zsxx2pheowjq._file

Verdict:

malicious

RedLineStealer

3c059aec4e646344229078685a44275b504c0883a9ab97dfabf81dfe9cc9b144

RedLineStealer

409e722afd8b4e6391de6a83c8ea6650d355fc295c056aa6b4747118fd1c28fe

RedLineStealer

4d77b91724d6827fb90e0a04e96d4a9771e7dfcc6b108804f0f47ff280fbc88e

RedLineStealer

807ba89d095a8f641a35ed199f2a72404b61000f5d08764ee9f4b24cbc47623b

RedLineStealer

87d38a0df49687aa9055d8e46b62a07a331c47981673ba96f624732d7977f786

RedLineStealer

aed0497b275c92082203bbcd78f6f853ee87145aecf6f85fe8c7ec433ab29bab

RedLineStealer

d0cebfb71ae3ed9e73c0fa392a5df8657684787474e7f6d31e89229d8947270d

RedLineStealer

dab1943418275fa0a684702d291fa2fd693bebc19b99f7af9ad8dc3dd0a47cb5

RedLineStealer

df45f560bf26f3aad3f2b51230c2e0d7313848edf4d10ee18938b5776abd5a68

RedLineStealer

+ 2'665 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline infostealer

Link:

https://tria.ge/reports/210617-kvrwx5r9ks/

Behaviour

Suspicious use of AdjustPrivilegeToken

RedLine

RedLine Payload

Unpacked files

SH256 hash:

38ed919245b0f5bdf5a08cac11d91830103e8e5f0806e06495e38f100095c09d

MD5 hash:

eb898f476eabf6dbf6192e1f05346ab3

SHA1 hash:

a89d8d05959d2e49712a6ba805591f4914ba0f5e

Link:

https://www.unpac.me/results/73359774-9b3b-47b0-abca-1819275a7b55/

SH256 hash:

be10ea7e6f0a444ce05dff088f49e97744bd74242ac01bbf484ca2c6dfb60051

MD5 hash:

7a066948adabecf897433dfa90e6a796

SHA1 hash:

45d0b90c32996e90494922fbb7fb848a4b07ffa0

Link:

https://www.unpac.me/results/73359774-9b3b-47b0-abca-1819275a7b55/

SH256 hash:

400ee739fcb0827d2bd9b65758c7ac6cd181fce1f2237460f4d2ef75f7941155

MD5 hash:

c12c6bc5301bfeba4066c2a03ba744c7

SHA1 hash:

33214cf494a2ec39a072d833c0081d39556d740a

Link:

https://www.unpac.me/results/73359774-9b3b-47b0-abca-1819275a7b55/

SH256 hash:

98c8f17aa0cb9b73446909cdbdbb541c0c9c24e6210cda339dccaf7d3ce47593

MD5 hash:

ade5a109d6798d5d563a5bfc978c211a

SHA1 hash:

93e4512778ada5fa4911a694f602203f77ea2f08

Link:

https://www.unpac.me/results/73359774-9b3b-47b0-abca-1819275a7b55/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/98c8f17aa0cb9b73446909cdbdbb541c0c9c24e6210cda339dccaf7d3ce47593

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.