MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 17


Intelligence 17 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968
SHA3-384 hash: d0e30c1221cba1879ef76f8a89aab4e2eb89bddd8d155d60d26889957a47bd82493ec33b686309b0834cb15716711c09
SHA1 hash: f993b640f46dc4345df51bd8061bbb9627ea17e6
MD5 hash: f4f42c1cb492b3793062650ef4a70e08
humanhash: item-magnesium-cola-winter
File name:f4f42c1cb492b3793062650ef4a70e08.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:451'584 bytes
First seen:2023-02-27 08:20:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 12288:pMrMy90vOuiXeKJA/LokpJ+y39L+U4h7v2Sw:hyAONXAZp0yb4N2Sw
Threatray 4'343 similar samples on MalwareBazaar
TLSH T1E6A4F117A6FC8172E8B1277049F607C3063ABDA06B34835A378F6D5A0C736A5767172B
TrID 70.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
11.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
5.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
3.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
193.233.20.23:4123

Intelligence

File Origin
# of uploads :
1
# of downloads :
187
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
f4f42c1cb492b3793062650ef4a70e08.exe
Verdict:
Malicious activity
Analysis date:
2023-02-27 08:22:58 UTC
Tags:
rat redline
Link:
https://app.any.run/tasks/402fd993-ea83-4f90-a03a-0ae54dcd94c5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/369983/
Detection(s):
Sanesecurity.Malware.28840.BadO.UNOFFICIAL
Create hunting rule

Win.Packed.Disabler-9987080-0
Create hunting rule

SecuriteInfo.com.Trojan.Agent.EAOQ.26295.2066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Creating a file
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Sending a TCP request to an infection source
Stealing user critical data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
advpack.dll CAB greyware installer packed rundll32.exe setupapi.dll shell32.dll stealer
Link:
https://www.filescan.io/uploads/63fc67f50796d7d621e8e045/reports/210d418a-870a-465c-b208-fea50dcee7d3/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4a83fad7-926e-4b3b-9c2d-64689f28dbb8
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1182969
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968/
Threat name:
Win32.Trojan.SmokeLoader
Create hunting rule
Status:
Malicious
First seen:
2023-02-27 08:21:11 UTC
File Type:
PE (Exe)
Extracted files:
62
AV detection:
21 of 25 (84.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=v6iaxnqrl4zjmldgyw7x6tjnv7uyukrv7iblehtnmsbincetrfua._file
Verdict:
malicious
Similar samples:
14900bafd95d53f43c44453772490ee3559179d7f49e2f8873e6b11376062c09
RedLineStealer
6c2256abfa4c98bb023580d3f2bccc8f2faccfb43e6564df1ca3eaa7d47e6805
RedLineStealer
8aadd9d8717e19197364ac4c543dbb4030ad83f4225d7c307e21183aecc529ea
RedLineStealer
b6fe05440df2ee8d5268bbdb1355fcb3604b9b72e71047f59dddb0c31abd5894
RedLineStealer
b95b26552cc24f5e527decffcd2a16a16cc9af9c5fc2216e785d5630bda4b7a1
RedLineStealer
bbc8b42899356e85ecd2fb5277b7fbdf296094bdc006504147b0be21895ccdc8
RedLineStealer
dbae912338b82c5ca945039308694c8886584c16b32c179d44d9cddeb3601e73
RedLineStealer
e38a00dfe2aae5c42dc81f3be9249e1b843c64b547a0e8ffc15af0cc48a7384e
RedLineStealer
ed2c1471e9f953a6c4b898bdb7b8ad7272c0e1f57c0238766a3d76e69278693e
RedLineStealer
fecc43069ba9b98d01330cbe0196e0d0dc8d0cdafca4f05b59164d9fd0a79410
RedLineStealer
+ 4'333 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:durka botnet:ramon discovery infostealer persistence spyware stealer
Link:
https://tria.ge/reports/230227-j82a4ace68/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
RedLine
RedLine payload
Malware Config
C2 Extraction:
193.233.20.23:4123
Unpacked files
SH256 hash:
2ce40799db5238da8f88e7562c075f01d2a54d5153129d06d83df69b403d3907
MD5 hash:
86b7df4f834d56d384b22dbf0e030a6e
SHA1 hash:
bdabd054158010331091b1cca5dbf1b46674265f
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/2ff5e10e-18b7-4e46-bf3a-b1dd831e5878/
Parent samples :
bbc8b42899356e85ecd2fb5277b7fbdf296094bdc006504147b0be21895ccdc8
b95b26552cc24f5e527decffcd2a16a16cc9af9c5fc2216e785d5630bda4b7a1
6c2256abfa4c98bb023580d3f2bccc8f2faccfb43e6564df1ca3eaa7d47e6805
e38a00dfe2aae5c42dc81f3be9249e1b843c64b547a0e8ffc15af0cc48a7384e
14900bafd95d53f43c44453772490ee3559179d7f49e2f8873e6b11376062c09
058ab741c326fe5d70bfedb6f4105a75a56a212aeab329f4462ad0224eb5d4ad
dbae912338b82c5ca945039308694c8886584c16b32c179d44d9cddeb3601e73
594655a39036554d6f71909fa289d7c4de09081d1d42d2bdfe5d963685c23ecf
5d4d7cafd59fa20f3037fe2502fd1a0969d2bff13218d6354b93839e28151e0b
34cfddae6527c3c05618478497f9a2a9460c8e0a275c0816be6a27affba74f76
933d8e7c40120f0c690249dbf2cab78013a482725323107d27f76f0880ce6864
017832c5ae6bcd2621e422275e1af6c1ada2cf0412212a028167e4700f37f693
17b0a19fded194190e606b3d5be82d7d2d9c6fec134708ba1ce6c6a7c1e84ae5
6472e3119d29cabe43e97ce28970ec4438cfc20c996e44a245cde26d01998123
a87610328f5259e727b6c1ab481ff0c781ab91ad2428ad690bbfcd031e380498
da901e87ab2565be47bbb3ca0c1244adf197324b6f73b241d1bb0dca4dec5c01
48bdac61ff5095c27a9b2ac84f9b89670cbe8e1745798228aa66217c90f5a908
38917fa4594d6540b4e94c419e1401ef02226b3b1fd0dceee02f917f59be4ebc
cb405f8f1b155dba1d732b3686fbfc89c4dfae5e89857eb6a0a4cb3d92277afe
cb677fa33a396a7c8aacc29194b56e98554cceca3f5a9731e7b210ecab2e47da
0b4eab8cc85aaa84d1d84840a63b58376771b7e9d8ee4affbbfa2d7865bed69a
6f6a97926d40bfce8c7fa8e8769be28c185bc0e9704ce3d931e1b20a52c49fd6
049f58ddc74db94c2dab3531770770b07a6ed4a1d60ab9b0d8ba68b550255420
4ef2a404215dcf72506d5e381da895efe7ed28a8a8be50515a0e8b8876d0f4c0
5f24ec4ae13a7b9b4a160e02b08d7bd45902668688e1bfd70edc9f691deb7452
7bb8679fa7f274c94c86f7ed4276520af02ceaf8ddbfaa70c526b7586f591cd5
d95e87bd76687c3925bc00959d15cf2b8d7f2e8fc78bdd67fd6646063961c149
d39c6fc476c28e5ebc1403ddd0d77fb3b20a614ac333c0b00022fb62ea5f7460
c1e3566e709fa51a92e6e824009c33fdbdec049806031e0fa701356721c9a11b
95213160908e914737c051c0e8e04d6f3bd1e062df84fc1b8a65d6b5bd06c3ae
9b663f8378612dab13ca406791faaa0ddb966ca6259eb94050bb9386c8d9e762
ac1b18c41ca8cbf0556840d43e556815f82a71c3584cc521c3039374759d57db
a06aebea19a88ad42e8fa1fa65fef6c622f38133b0680fa43fb6e169454c2029
0bd28cad7d87152b253dab6b7e7ba2b58e7e2334b731778f9eed82fcf5d409ae
e4809340a9d89120fc6f4e4b7edebc1bf5f99ad323d298b8cfea3e8fb384e24e
af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968
3ee952fa32cc989c8387c0719f843c8df7ee906a7b93646a7e4152abb5d4c943
e5d7fcd1389993e49d4bbdcdebcbd073c14213d5d2f7ae74327ca74e823e2a42
6f1e7a1f12806001367f44f611d47638cc22f1c706ad12af454a5c463a57b673
ca298f50680e68d339eba867a6ddcc19f7c8b45bc2b4306626e7d34b6299d6b8
f145a2c67e0168cb56fd3fccfd45fce7a9d11b23144b758c4050a780f6d1bb6c
7887148d70e82fd51ec9882863a7067f976f97161da02ca7e7481dd962889884
bee566657abe100830f08a14a87a630857e3fd358cf8f88806efd01aef64cb15
474b3827879064d3187e448defd806fce0b801882953f58b13d7fef2ef530b99
4894d42c65ee1040b2fa7ab79b67c65c607b410ed06d869413d0497df6784730
8c00c32e81d173d5d1f606b19d62e2d88c75211509feec6442a5f1f5fcfdc38a
9c0a32133364e580b4d7ad1b5aba33c6a09a3a2524a5dbb8c69724fca2bffe35
f61041e09e7055a9e8181fb7e25a4db0000f14f1a241ecbf57acea260cdb7963
9e456ad2b9a9fb652a094ea67ca7a528d14d9849940e397308df1efe4a8e99e8
f76fc8ceff3db6be122e6de7a8591722e1a1862a7c35b5f810230a8d7f65c83a
2e9aeea43a8f3eea1501efd079744e3dcf112722b322f86525f8fe069df6b31b
93428b9a894bf2b0d56fe04a64a12b12fb99de5c8c2a63a002d9af33a835c657
97e8b326764b53f3fa13e7cadd0059773065eded8c2f1d6e19721e939c821723
SH256 hash:
ffdfb8190bd935f92d4bf70b11729cd5c11eab2af8eb2e8b0865f06fb5909db2
MD5 hash:
e6eaa5644831d1bc3c581985c97d7e54
SHA1 hash:
664735a9359db5b6796c3ddb143f7cfe6fe19600
Link:
https://www.unpac.me/results/2ff5e10e-18b7-4e46-bf3a-b1dd831e5878/
SH256 hash:
84a9a6267905c02473c75782e3b91e10258d877c18edb194f4a89592c334b2c4
MD5 hash:
75b4be9dbec92cebf8ce205d4117e5fd
SHA1 hash:
37f4f8c6c4c3f707a4c7d04f04a600feceef00d2
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/2ff5e10e-18b7-4e46-bf3a-b1dd831e5878/
Parent samples :
8aadd9d8717e19197364ac4c543dbb4030ad83f4225d7c307e21183aecc529ea
bbc8b42899356e85ecd2fb5277b7fbdf296094bdc006504147b0be21895ccdc8
8c66b4e6e50ce430799bc257721317b5737d0d4123e8e34fe7754750afa80aec
b95b26552cc24f5e527decffcd2a16a16cc9af9c5fc2216e785d5630bda4b7a1
6c2256abfa4c98bb023580d3f2bccc8f2faccfb43e6564df1ca3eaa7d47e6805
b6fe05440df2ee8d5268bbdb1355fcb3604b9b72e71047f59dddb0c31abd5894
e38a00dfe2aae5c42dc81f3be9249e1b843c64b547a0e8ffc15af0cc48a7384e
14900bafd95d53f43c44453772490ee3559179d7f49e2f8873e6b11376062c09
058ab741c326fe5d70bfedb6f4105a75a56a212aeab329f4462ad0224eb5d4ad
dbae912338b82c5ca945039308694c8886584c16b32c179d44d9cddeb3601e73
a0476c747173025673b69d5c9d2fbccd34d924202a00bf053a0c162f3cdea65e
fecc43069ba9b98d01330cbe0196e0d0dc8d0cdafca4f05b59164d9fd0a79410
ed2c1471e9f953a6c4b898bdb7b8ad7272c0e1f57c0238766a3d76e69278693e
9d691ceaf5c3ba1d783f80fc905c10eec95f93404c9656c8d93d8c660c38b783
594655a39036554d6f71909fa289d7c4de09081d1d42d2bdfe5d963685c23ecf
5d4d7cafd59fa20f3037fe2502fd1a0969d2bff13218d6354b93839e28151e0b
34cfddae6527c3c05618478497f9a2a9460c8e0a275c0816be6a27affba74f76
933d8e7c40120f0c690249dbf2cab78013a482725323107d27f76f0880ce6864
017832c5ae6bcd2621e422275e1af6c1ada2cf0412212a028167e4700f37f693
17b0a19fded194190e606b3d5be82d7d2d9c6fec134708ba1ce6c6a7c1e84ae5
6472e3119d29cabe43e97ce28970ec4438cfc20c996e44a245cde26d01998123
ca8b5bffe3623e56e641b8af5d12066d86fbd831329083b7314e64127f83862f
63456741926270966aad2ad0eceb4420ee8c7df94908199c6238c410934d3c65
a87610328f5259e727b6c1ab481ff0c781ab91ad2428ad690bbfcd031e380498
da901e87ab2565be47bbb3ca0c1244adf197324b6f73b241d1bb0dca4dec5c01
48bdac61ff5095c27a9b2ac84f9b89670cbe8e1745798228aa66217c90f5a908
835573cece49e4198054ba35a154234ea1ff843d3585b0a89ab9b2bd34074b78
38917fa4594d6540b4e94c419e1401ef02226b3b1fd0dceee02f917f59be4ebc
09ee52edd929dcef2d1acd570e4fbd0eb50402f861882f6f0a1df961ade058b5
4dd78c8a57093c3e3dbbb618616213c0ffc7640383d9d032e0108681d3f72c62
8182b0e3dc7fb2aebf6c1c7453ee41b82b93804588b8e0765d28caeedd125d44
cb405f8f1b155dba1d732b3686fbfc89c4dfae5e89857eb6a0a4cb3d92277afe
ba9def06a895cecc1f8736f54ea1ae73d047dd6f34c3b55bf3c35338c40e524c
5d1d2ee4bdd30e0e3a4313de6d8b399e81c055e60341b243b279e1735010c540
cb677fa33a396a7c8aacc29194b56e98554cceca3f5a9731e7b210ecab2e47da
0b4eab8cc85aaa84d1d84840a63b58376771b7e9d8ee4affbbfa2d7865bed69a
6f6a97926d40bfce8c7fa8e8769be28c185bc0e9704ce3d931e1b20a52c49fd6
083da2e753afe5288f114d444d67f0ec1b7abe2f39186065ed03e7a9cc8ecdbb
049f58ddc74db94c2dab3531770770b07a6ed4a1d60ab9b0d8ba68b550255420
f872b3826a6d0986f570cd6bf69a8287c5162ad63af5b83a85975c77dea8d78e
4ef2a404215dcf72506d5e381da895efe7ed28a8a8be50515a0e8b8876d0f4c0
5f24ec4ae13a7b9b4a160e02b08d7bd45902668688e1bfd70edc9f691deb7452
aaa375121ad164072fc8766d72c63806c314ea30725af34fa7bf42a28e522523
7bb8679fa7f274c94c86f7ed4276520af02ceaf8ddbfaa70c526b7586f591cd5
d95e87bd76687c3925bc00959d15cf2b8d7f2e8fc78bdd67fd6646063961c149
d39c6fc476c28e5ebc1403ddd0d77fb3b20a614ac333c0b00022fb62ea5f7460
c1e3566e709fa51a92e6e824009c33fdbdec049806031e0fa701356721c9a11b
e04207c73795876acbbcdd49df04446d89e234e6c6b8ce6c3cb8793be8a71dc8
841e53792e0ce8b76f71b999a2b7e92d47141d6173ba0dfc85a289bdd920c1d2
95213160908e914737c051c0e8e04d6f3bd1e062df84fc1b8a65d6b5bd06c3ae
309d80c573571b93c2d83779973007d6b6b1258a167bd3ff24001d9d6dbc9404
790aa956a0047405ecf668ff91e789a6a44bb0a0f04055280c00dcedd0c697c5
9b663f8378612dab13ca406791faaa0ddb966ca6259eb94050bb9386c8d9e762
ac1b18c41ca8cbf0556840d43e556815f82a71c3584cc521c3039374759d57db
433b464a3fe394e4cbb1e62307f21b1fe3b114b2f71debc823d73edd2f74e5dd
55330c703409448f32b23ef261306f8ce1ab4da8f16b48920f85285d499e5551
ca8431f68192f892636f8e13ad29133579d5a2556a8587ec383055f994926c5c
2f0d55a69a9aa1a005ff0f6ae0a464764512dbeebbd1470225f8d6e89ffbe76c
9f7b8d54bd513d3c92ab8cca385dc428e7f9f2882a32c11c9fdc7ab70fc2969d
a06aebea19a88ad42e8fa1fa65fef6c622f38133b0680fa43fb6e169454c2029
0bd28cad7d87152b253dab6b7e7ba2b58e7e2334b731778f9eed82fcf5d409ae
b4684c6e32b0f4ead9a62229a913d0773e1ee0c89be2c004adaacc7a960d88dc
bb27d20e925fab44e9c430dfd168800c7dd6f0a7f5074d6632ef8fe7cecbca64
e4809340a9d89120fc6f4e4b7edebc1bf5f99ad323d298b8cfea3e8fb384e24e
3495b9b4863b1aec569d5df24285f967866a4f1435cf6dde9d61ad75cdaddd64
f5de0ad347cbf242e6a813dd91d0f1d809c3b0fb4897d951caad1ab4b33b81be
ca8a5aef79c3e25dfc5390e8c3a27a6b7000519de6be83706c0fe89d92b18dc0
af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968
3ee952fa32cc989c8387c0719f843c8df7ee906a7b93646a7e4152abb5d4c943
e5d7fcd1389993e49d4bbdcdebcbd073c14213d5d2f7ae74327ca74e823e2a42
fd7f4611b78c0f0b264159fcc744604e1a089f9faa381c8e4414a123ff568d19
6f1e7a1f12806001367f44f611d47638cc22f1c706ad12af454a5c463a57b673
ca298f50680e68d339eba867a6ddcc19f7c8b45bc2b4306626e7d34b6299d6b8
b4e0abed7f232edba19d22452ed734e430bb311de7d6f4a9169ed9aefcfd9e73
f145a2c67e0168cb56fd3fccfd45fce7a9d11b23144b758c4050a780f6d1bb6c
5ca6ae7766dfec34fac589fecae0687b5fe1f38e051822f75a754e9921d1c8e4
2a131683fc036ae11c3e5dea80abe3817cd5f1ae7265512035ad5d66cf4e826d
7887148d70e82fd51ec9882863a7067f976f97161da02ca7e7481dd962889884
d2cf0a013556efc96fadee634464f431580f5ae071e82b75ed8f7b504acac354
abeeaf8d832dc1d3172ed3d6ad6303f89359ac0601eff94e0e29c01013f84747
bee566657abe100830f08a14a87a630857e3fd358cf8f88806efd01aef64cb15
52acc3e3cd86f39bc795e531eb6292bb34b6eb12a32f2508ca9caf85169c059a
474b3827879064d3187e448defd806fce0b801882953f58b13d7fef2ef530b99
4894d42c65ee1040b2fa7ab79b67c65c607b410ed06d869413d0497df6784730
9f914a5634bd760e278fe057d840e7e78d04d65ceb13bffb1ba4b0c82b5f56ec
3beebc3c3e00e3554fb5efa0e8f03888d1f2ec41d26797b4c449a16e2e1fe370
2de6e177a17da8e237575aac9403d98eae8c2e61e8eae8119b380b0469bd51d7
fdb606c65f84e10b023a3c77a553791291373175953f5c2e98134ebb623d64d1
4f61910c558f8fc4ce654a8751221311641b91fb04ba32088d778d5642a6587f
8c00c32e81d173d5d1f606b19d62e2d88c75211509feec6442a5f1f5fcfdc38a
9c0a32133364e580b4d7ad1b5aba33c6a09a3a2524a5dbb8c69724fca2bffe35
f61041e09e7055a9e8181fb7e25a4db0000f14f1a241ecbf57acea260cdb7963
9e456ad2b9a9fb652a094ea67ca7a528d14d9849940e397308df1efe4a8e99e8
26a4fbee66e5d97365005c9f3f7bcce5dc6b0a64aacf46fd39e4bfffec68a28c
f76fc8ceff3db6be122e6de7a8591722e1a1862a7c35b5f810230a8d7f65c83a
2e9aeea43a8f3eea1501efd079744e3dcf112722b322f86525f8fe069df6b31b
ad564feccf1fb5ead9c4b58b621834bfc1c37c362f4fabefb3b42461a2fc971a
e79fa947c2f6d469711ff494dd3c0d98ed6cd869759484a5c57b1973b81d8155
93428b9a894bf2b0d56fe04a64a12b12fb99de5c8c2a63a002d9af33a835c657
97e8b326764b53f3fa13e7cadd0059773065eded8c2f1d6e19721e939c821723
ae5b96bec145a1bbc7cf910cf707de756ef3999f5f78492e43bf00f25aee8cb6
8aaf7dcdacd1b01484b12c95a4a550cdd5850f17524d2f09d581418ca40c1e72
SH256 hash:
978154c6b442b3754a7d7fe952eea29b199dff108700bc0deb128893b31bbd05
MD5 hash:
2a01140df4dc9f1e333372bc570b9cfa
SHA1 hash:
8ec04f70f3130e2346fe760fbb9911f5f16a7fcf
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/2ff5e10e-18b7-4e46-bf3a-b1dd831e5878/
SH256 hash:
af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968
MD5 hash:
f4f42c1cb492b3793062650ef4a70e08
SHA1 hash:
f993b640f46dc4345df51bd8061bbb9627ea17e6
Link:
https://www.unpac.me/results/2ff5e10e-18b7-4e46-bf3a-b1dd831e5878/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/af900bb6115f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer
Rule name:Windows_Trojan_Smokeloader_3687686f
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe af900bb6115f32962c66c5bf7f4d2dafe98a2a35fa02b21e6d64828688938968

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2550856/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/369983/

Comments