MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9eee4d294f2111c25d601095dc4e10e7793c99d270c47c827c7316adf1393e73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara Comments

SHA256 hash: 9eee4d294f2111c25d601095dc4e10e7793c99d270c47c827c7316adf1393e73
SHA3-384 hash: 3fda53101bdca2ecff47b21c9cf6463d46aa260f09f077bc534ae0650f11ae68984ea3a6041ce69c870e9759a96096f5
SHA1 hash: 9940e693d9a1424134e85e86bd61d278c1d31ab1
MD5 hash: 5cfa22e8d4102ffccd45ef8e80237e0f
humanhash: oven-texas-fillet-delaware
File name:5cfa22e8d4102ffccd45ef8e80237e0f.exe
Download: download sample
Signature RedLineStealer
File size:988'160 bytes
First seen:2020-06-30 17:54:06 UTC
Last seen:2020-06-30 18:48:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9df0376eebbb1789af13c87424174a69
ssdeep 24576:Jska2l9X6aL190WxRk7sX+zUqNnPxsxnHROiyJs/MyhB8eq:DacXhztxRPX+z/F8xOrcrhBJ
TLSH D22522653F8DC872C407A532A565E3B2E9AD54313624528B3B441E3EEFF3BC12A2DE45
Reporter @abuse_ch
Tags:exe RedLineStealer

RedLineStealer C2:


Mail intelligence No data
# of uploads 2
# of downloads 33
Origin country US US
CAPE Sandbox Gathering data
ClamAV PUA.Win.Downloader.Aiis-6803892-0
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Kryptik
First seen:2020-06-30 15:51:33 UTC
AV detection:18 of 31 (58.06%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:redline
Tags:spyware infostealer family:redline evasion trojan discovery
VirusTotal:Virustotal results 28.77%

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 9eee4d294f2111c25d601095dc4e10e7793c99d270c47c827c7316adf1393e73

(this sample)

Delivery method
Distributed via web download