MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d2802ae1bc562601d8ca7ed750d4a14b33109c92c1f7458aea34fb5330942d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d2802ae1bc562601d8ca7ed750d4a14b33109c92c1f7458aea34fb5330942d3
SHA3-384 hash: 75eaee32fe1045d7955f9d391e1088cf183fee8066c9a86f14b5157dbe33887f76fe4b0d4b2dd6355b8f157922b4c58b
SHA1 hash: 31cb622550fec8b70e62eadaee4fa93a757f26f4
MD5 hash: f8066e3404b199695d4f41aadd731afa
humanhash: sierra-yellow-high-helium
File name:f8066e3404b199695d4f41aadd731afa.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:407'552 bytes
First seen:2021-12-23 08:51:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5d527503df32f82fdd3fa0799058f92c (2 x RedLineStealer, 1 x Amadey)
ssdeep 12288:hy4E/zFN3n2M/ZANkfpldWfmGGSAbSxB:Ej/D3fU4pdGGSB
Threatray 4'220 similar samples on MalwareBazaar
TLSH T1AC84BF00B7A0C035F1B716F84AB99269792F7DE16B3494CF62D56AEA57746E0EC3030B
File icon (PE):PE icon
dhash icon 25ec1378399b9b91 (23 x RedLineStealer, 13 x Smoke Loader, 7 x RaccoonStealer)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
163
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f8066e3404b199695d4f41aadd731afa.exe
Verdict:
Suspicious activity
Analysis date:
2021-12-23 08:54:53 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ab1fe4fc-5d3c-407d-a02a-8d5cf83f7b45

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/215926/
Detection(s):
Win.Packed.Ulise-9917518-0
Create hunting rule

Win.Malware.Generic-9917519-0
Create hunting rule

Win.Malware.Generic-9917551-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/2996/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61c438b5ec6c6c14a9ec1831/reports/63f7b92b-12d8-4464-aecf-a2ceaaae237f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2d8f2263-2240-4597-adcf-a262f2b557f6
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/911924
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9d2802ae1bc562601d8ca7ed750d4a14b33109c92c1f7458aea34fb5330942d3/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-12-23 06:04:00 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tuuaflq3yvrgahmmu7wxkdkkcsztccojfqpxiwfounh3kmyjiljq._file
Verdict:
malicious
Similar samples:
24d0c7fc16543210f15df3cac94b24d5454b30249a48d91056eb52b111978616
RedLineStealer
2eecd263f2ccf106ab5ad42ed0bb8c981f9067a1273cc3186cb731aac8fbb702
RedLineStealer
7eec09749966b69d9eb49acb8e2d50925b3a4cc26d3051dca1dbe91888ca21ad
RedLineStealer
9ead7ad598f180927e810c975df2042366f1acfc95d60e2e2d06fd5f35a8c144
RedLineStealer
a8065894783bc05b961b4ce6a0d8a3dd0d1edcc83b294b18df7af0dab0db430a
RedLineStealer
c72d58f2ee5007430aac685459da0714396615aaeda68ff1ae5c8c0f9d9396cb
RedLineStealer
f3de4ce2a7e7d27e8dcfc9b38b0e55631181393e673a37a57bd97e218a797cfe
RedLineStealer
+ 4'210 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:sewpalpadin infostealer
Link:
https://tria.ge/reports/211223-ksq1vshdd4/
Behaviour
Suspicious use of AdjustPrivilegeToken
RedLine
RedLine Payload
Malware Config
C2 Extraction:
185.215.113.29:26828
Unpacked files
SH256 hash:
c168005ed99a1ad9e1b58da3a66daa2a4a4ffe08dde1d994dc62356749fb65e1
MD5 hash:
ce8ca6f9d8b989183690e7a6cf124f33
SHA1 hash:
c5d3aa4389375841dac60cfbc486a075af52631e
Link:
https://www.unpac.me/results/5fe390e8-da2c-4cec-945e-1cbb3e9d5a6b/
SH256 hash:
d32f8e57191a72fc39c5db3ce6ba69d6bd3cfc56e81212807155cefa1f4a0d3a
MD5 hash:
b364f620818d47f1e0bfce918167da8e
SHA1 hash:
4b6bed4ea0100a037445636311bccc3482ec0f90
Link:
https://www.unpac.me/results/5fe390e8-da2c-4cec-945e-1cbb3e9d5a6b/
SH256 hash:
5e045820d88c6fb22de1cb1f85898b9c891f62e8a9bf55e39ac1f085f715cbc9
MD5 hash:
e6ce754be7fc44c782f55a857b45f035
SHA1 hash:
13c3c4c8401a46af5cdd0f3cab18908fde281afb
Link:
https://www.unpac.me/results/5fe390e8-da2c-4cec-945e-1cbb3e9d5a6b/
SH256 hash:
9d2802ae1bc562601d8ca7ed750d4a14b33109c92c1f7458aea34fb5330942d3
MD5 hash:
f8066e3404b199695d4f41aadd731afa
SHA1 hash:
31cb622550fec8b70e62eadaee4fa93a757f26f4
Link:
https://www.unpac.me/results/5fe390e8-da2c-4cec-945e-1cbb3e9d5a6b/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/9d2802ae1bc5/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9d2802ae1bc562601d8ca7ed750d4a14b33109c92c1f7458aea34fb5330942d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 9d2802ae1bc562601d8ca7ed750d4a14b33109c92c1f7458aea34fb5330942d3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1850153/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/215926/

Comments