MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 16


Intelligence 16 IOCs YARA 9 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59
SHA3-384 hash: 78ceb99b20b4b28f8fe8430303058ec4401aa502c97c9107da471884a8b171b648e57138e17f2e7acd38564c3465d014
SHA1 hash: fc7082ede8d63d8125670fb8af775bf9cc1f4d21
MD5 hash: fc5c376212d49e490f9e790b36ea7252
humanhash: nebraska-burger-july-ceiling
File name:fc5c376212d49e490f9e790b36ea7252
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:283'648 bytes
First seen:2023-09-06 05:56:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash eb431e45ec385f0b5ba62d0fac2cb9db (1 x RedLineStealer)
ssdeep 3072:COnWLAq5qeerF6tWKyAmIuZIUmhrsum6wSeV5biIAFtKWILVuY4eMt7JZIEL:xnEKANJLU+snzVAXK/W9
Threatray 1'298 similar samples on MalwareBazaar
TLSH T110548E0EFC6500A6DBDE847C70AE8F3B54BDB8103725A5F3DDA5826ACB17393AD16601
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
270
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
fc5c376212d49e490f9e790b36ea7252
Verdict:
Malicious activity
Analysis date:
2023-09-06 05:59:13 UTC
Tags:
redline
Link:
https://app.any.run/tasks/99dbc839-b9db-4be5-83bc-ec106971e869

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/446455/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.6498.4425.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/64f814b12a262962b794afd0/reports/1074833b-6474-46de-b899-7b59f50c1b62/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
WeeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1952c0bc-798b-49f5-ad61-8f843d29cabc
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1304042
Signature
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-09-03 22:08:46 UTC
File Type:
PE (Exe)
AV detection:
29 of 38 (76.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vxgx26wa2hhc7mrrxxyxnl662qcecwulvopz6ure2hjosfcm5nmq._file
Verdict:
malicious
Similar samples:
14782d7a1d24ea4bfd979515a5514ec4efc57dc86099c6d9269650393c124cad
RedLineStealer
199c2d8e24c0cc919d0400773938ed3cca76860e7be93b5d1f2f8ee12004a5f7
RedLineStealer
252055d82e07b21166bc7cd77e43635b582947c7bdc60646c5edc4766bcc7f4c
RedLineStealer
2767d4128fc88d587b6681fcff44a8694833e95da510eca60750540e42f2e418
RedLineStealer
712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326
RedLineStealer
90a8447971f2150fe9ba03d2680af7bdd33de721e9e1521166a7826ed143a2d8
RedLineStealer
a603f24dcfe2d6c509d38aa796680ba1ec48af5c984bceb106c7b28224cbfcbb
RedLineStealer
a85b8341d1594f4ec7d0aaf1cb367c0fe92ecd1914666107d1ed720d2bb7a1a2
RedLineStealer
b02a04e65ae9453f1c3bc5fcfd47686be2fb8b8f978c3ec29a0c6749106ed4f7
RedLineStealer
dd7559d441f5207d13dd4e8486af5146085c326b27e0ba2b4a72acbcd2a60984
RedLineStealer
+ 1'288 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:0309privat infostealer
Link:
https://tria.ge/reports/230906-gnk29sdf33/
Behaviour
RedLine
RedLine payload
Malware Config
C2 Extraction:
65.21.155.238:31874
Unpacked files
SH256 hash:
578d43f2f5df0c4c723b355bcd55590e4fdf45bf8bc2c8277383b0e9e29d752e
MD5 hash:
8e09dbff2a8c0f5c412ab12b3e63eabe
SHA1 hash:
7c89a5966c2a6e5475f06b0632ef361fa710a1f4
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/197acc18-82d9-48b6-a591-2d76559c5756/
SH256 hash:
5bc78df562a215b6f6fe2029a9f891532a533e8f4186089621c6e55da1e924b4
MD5 hash:
ac028dc428519063c52ab0563eef52da
SHA1 hash:
2f287c3e4451804c7f89719f95c76c84b0ec665b
Link:
https://www.unpac.me/results/197acc18-82d9-48b6-a591-2d76559c5756/
SH256 hash:
adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59
MD5 hash:
fc5c376212d49e490f9e790b36ea7252
SHA1 hash:
fc7082ede8d63d8125670fb8af775bf9cc1f4d21
Link:
https://www.unpac.me/results/197acc18-82d9-48b6-a591-2d76559c5756/
Malware family:
RedLine.E
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/adcd7d7ac0d1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:INDICATOR_EXE_Packed_ConfuserEx
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with ConfuserEx Mod
Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:redline_stealer_1
Create hunting rule
Author:Nikolaos 'n0t' Totosis
Description:RedLine Stealer Payload
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe adcd7d7ac0d1ce2fb231bdf176afded404415a8bab9f9f5224d1d2e9144ceb59

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2709996/
Cape
Cape
https://www.capesandbox.com/analysis/446455/

Comments


Avatar
zbet commented on 2023-09-06 05:56:48 UTC

url : hxxp://h170578.srv22.test-hf.su/166.exe