MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9eee4d294f2111c25d601095dc4e10e7793c99d270c47c827c7316adf1393e73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9eee4d294f2111c25d601095dc4e10e7793c99d270c47c827c7316adf1393e73
SHA3-384 hash: 3fda53101bdca2ecff47b21c9cf6463d46aa260f09f077bc534ae0650f11ae68984ea3a6041ce69c870e9759a96096f5
SHA1 hash: 9940e693d9a1424134e85e86bd61d278c1d31ab1
MD5 hash: 5cfa22e8d4102ffccd45ef8e80237e0f
humanhash: oven-texas-fillet-delaware
File name:5cfa22e8d4102ffccd45ef8e80237e0f.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:988'160 bytes
First seen:2020-06-30 17:54:06 UTC
Last seen:2020-06-30 18:48:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9df0376eebbb1789af13c87424174a69 (2 x RedLineStealer, 1 x RaccoonStealer)
ssdeep 24576:Jska2l9X6aL190WxRk7sX+zUqNnPxsxnHROiyJs/MyhB8eq:DacXhztxRPX+z/F8xOrcrhBJ
TLSH D22522653F8DC872C407A532A565E3B2E9AD54313624528B3B441E3EEFF3BC12A2DE45
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
http://81.177.6.78/IRemotePanel

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9eee4d294f2111c25d601095dc4e10e7793c99d270c47c827c7316adf1393e73/
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 15:51:33 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t3xe2kkpeei4exlacck5ytqq454tzgosodchzat4omlk34jzhzzq._file
Verdict:
unknown
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
spyware infostealer family:redline evasion trojan discovery
Link:
https://tria.ge/reports/200630-l8vtcvtshj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious use of SetThreadContext
Looks up external IP address via web service
Modifies system certificate store
Checks for installed software on the system
Reads user/profile data of web browsers
RedLine
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 9eee4d294f2111c25d601095dc4e10e7793c99d270c47c827c7316adf1393e73

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/17502/
  
URLhaus
https://urlhaus.abuse.ch/url/401438/
  
Delivery method
Distributed via web download

Comments