MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adb2e5bb2471f3ab9919f8bce64c329e64295dc6cba297182379552bd11abd46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 7

SHA256 hash: adb2e5bb2471f3ab9919f8bce64c329e64295dc6cba297182379552bd11abd46
SHA3-384 hash: cfc26f696f5c2ae5d85e49b51f2e1e6c1450c47632b56bfc9936e6189e56fa6735145ab64ab2f85109d1b7e2d142d4d6
SHA1 hash: 60beb7c2757c5ddc61c997a88ba314accfc9f80a
MD5 hash: d9f6ec70913181bd024145c955091b3e
humanhash: four-seven-december-berlin
File name: SecuriteInfo.com.W32.AIDetect.malware2.3243.26038
Signature: RedLineStealer
File size: 1'175'792 bytes
First seen: 2022-03-23 09:19:27 UTC
Last seen: 2022-03-25 07:06:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b9e8066a1fd1f356ce210362ff61d072 (1 x RedLineStealer)
ssdeep: 12288:p5kLMHbCcTE8ZHsUlv0fVDf29V7knKB7E7T94ShA1RaVPp3RzVTzrjSOyMqOfJpF:WMHDwUHyVD2DB7URhEyBTPmlgfWR5cx
Threatray: 917 similar samples on MalwareBazaar
TLSH: T1C94523BADBCA7E51E4D493390F330266D97BE4D4FA288773A3215B3448765213E06B27
dhash icon: 9080808080c080c0 (1 x RedLineStealer)
Reporter: SecuriteInfoCom
Tags: exe RedLineStealer

Intelligence

File Origin
# of uploads: 2
# of downloads: 156
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Creating synchronization primitives
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Reading critical registry keys
Query of malicious DNS domain
Sending a TCP request to an infection source
Stealing user critical data
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-03-23 08:22:58 UTC
File Type: PE (Exe)
Extracted files: 19
AV detection: 26 of 42 (61.90%)
Threat level: 5/5
Result
Malware family: redline
Score: 10/10
Tags: family:redline discovery infostealer spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Unpacked files

SHA256 hash: 0d27d3e14f44d0016536dcfac98e7787cf0e12f140ea6fab45fb46281661fa79
MD5 hash: 1eb1c5b8bafe69753f6e16f57ac73fc4
SHA1 hash: e96b3fd9911cb81abc354a1079c800dbe2ac10a5

SHA256 hash: adb2e5bb2471f3ab9919f8bce64c329e64295dc6cba297182379552bd11abd46
MD5 hash: d9f6ec70913181bd024145c955091b3e
SHA1 hash: 60beb7c2757c5ddc61c997a88ba314accfc9f80a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
File type: Executable exe
SHA256: adb2e5bb2471f3ab9919f8bce64c329e64295dc6cba297182379552bd11abd46 (this sample)

Distributed via web download
