MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a36434a7f29255e4053d5593765e3eb27a4f257581f0a10f76ea8bec24850ab4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 7

SHA256 hash: a36434a7f29255e4053d5593765e3eb27a4f257581f0a10f76ea8bec24850ab4
SHA3-384 hash: fdb9b5063e20b699cca4106a9f6dac7760773e68aa270ec265a5b5d070fb2cfaa087c94a654dd1ca8c522b8c7e62e51d
SHA1 hash: 769fce57adacbfca686118f9a45fce099abf2a20
MD5 hash: 1bef6a1a0d0cdcb868aaa9fffd513f25
humanhash: maryland-harry-robert-two
File name: 1bef6a1a0d0cdcb868aaa9fffd513f25
Signature: RedLineStealer
File size: 148'480 bytes
First seen: 2021-11-04 12:14:14 UTC
Last seen: 2021-11-04 13:31:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:ZrXagQYARcnkao/Q0Ytw4Kws062u67/igEEKthGx:ZmEAqdrLLsYu67/RbKthG
Threatray: 3 similar samples on MalwareBazaar
TLSH: T1DBE35A9C765072DFC86BC876CA682C68EA60647B531F8203D45326ED9E1C99BCF151F3
Reporter: zbetcheckin
Tags: exe RedLineStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 1bef6a1a0d0cdcb868aaa9fffd513f25
Verdict: No threats detected
Analysis date: 2021-11-04 12:25:03 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: obfuscated packed

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 76 / 100
Signature
Antivirus / Scanner detection for submitted sample
Connects to many ports of the same IP (likely port scanning)
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Behaviour
Behavior Graph:

Threat name: ByteCode-MSIL.Backdoor.Androm
Status: Malicious
First seen: 2021-11-03 23:55:49 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 5/5

Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:101 discovery infostealer spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
Core1 .NET packer
RedLine
RedLine Payload
Malware Config
C2 Extraction: 185.92.73.142:52097
Unpacked files
SHA256 hash: a36434a7f29255e4053d5593765e3eb27a4f257581f0a10f76ea8bec24850ab4
MD5 hash: 1bef6a1a0d0cdcb868aaa9fffd513f25
SHA1 hash: 769fce57adacbfca686118f9a45fce099abf2a20

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RedLineStealer
Executable exe a36434a7f29255e4053d5593765e3eb27a4f257581f0a10f76ea8bec24850ab4 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2021-11-04 12:14:16 UTC

url: hxxp://host-host-file6.com/files/3799_1635922365_1426.exe