MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2a4ea13b351447af3be84f9ec6825e685ab8ad2d45a290f14e3c2261c628627. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2a4ea13b351447af3be84f9ec6825e685ab8ad2d45a290f14e3c2261c628627
SHA3-384 hash: 5466d89061a4466b306eea1b1760b718093300fbe63b009c0130419a9a22b6d34e0eabf9ac0e1c59fa7f7b246c996647
SHA1 hash: 172c25d58b11309e8b858f9e75a6ba3cd7923bf6
MD5 hash: b682780aa63ccca0db6db01da0763568
humanhash: diet-lemon-thirteen-social
File name:b682780aa63ccca0db6db01da0763568
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'219'584 bytes
First seen:2023-07-22 04:33:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ea2d297e3bd3b5b7def0556d0ff46651 (1 x AsyncRAT, 1 x LummaStealer, 1 x RedLineStealer)
ssdeep 24576:LnK5UgNEpGO6pzUqGo4dul9sykVQv/een7YL:yNEpGO6pzcduX+cv7e
Threatray 5 similar samples on MalwareBazaar
TLSH T14945AE1139C1803AD67321320669F7B54ABFE4701B255AEF13E81A7EAF346C15B3626F
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
b682780aa63ccca0db6db01da0763568
Verdict:
Malicious activity
Analysis date:
2023-07-22 04:35:23 UTC
Tags:
redline
Link:
https://app.any.run/tasks/16a6b21b-a109-458f-85bf-1be3c77ea896

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/428398/
Detection(s):
SecuriteInfo.com.Variant.Zusy.477797.20164.32750.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/b2a4ea13b351447af3be84f9ec6825e685ab8ad2d45a290f14e3c2261c628627
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f81c42ae-5e71-4750-9ff8-cc11f09a7b33
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1277664
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Found malware configuration
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2a4ea13b351447af3be84f9ec6825e685ab8ad2d45a290f14e3c2261c628627/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-07-19 15:51:01 UTC
File Type:
PE (Exe)
AV detection:
22 of 25 (88.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wksoue5tkfchv456qt46y2bf42c2xcws2rncsdyu4pbcmhdcqytq._file
Verdict:
malicious
Similar samples:
4e99779daa53bffef62592a796d7fdc620ba3edc4f397d92343d3b89cb3a5e1a
RedLineStealer
8004bfbed6a65d43e8278bcfaf6eb153b9d37067e0a1c1ed6b7b7d428de93a2d
RedLineStealer
9abf9cd94bb4fbbbbb189d3e318d45dd6042532c7f73c6a4a920c1a256ecc09f
RedLineStealer
aaf6bf718709c45dda9fc1d5f0d1656702ff664b8c8b202b381db4044efa6455
RedLineStealer
e4a0406e06ba7a76cb5e60b51c56977a94a7e11b22f624ceea42778981802774
RedLineStealer
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:sex infostealer
Link:
https://tria.ge/reports/230722-e64k8ahf39/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
RedLine
Malware Config
C2 Extraction:
45.15.156.21:15863
Unpacked files
SH256 hash:
48fa00f169d94f638691f910140f20a1cdb88e6e43addda5e3933ba2fb429afa
MD5 hash:
d0645ca7face6a0f1d0ab915d3e4fd95
SHA1 hash:
a0726774013235b92d0b5998ed5522896a6e15e0
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/1a3f7fcf-73c6-4f74-aa95-9003dd87daec/
SH256 hash:
b2a4ea13b351447af3be84f9ec6825e685ab8ad2d45a290f14e3c2261c628627
MD5 hash:
b682780aa63ccca0db6db01da0763568
SHA1 hash:
172c25d58b11309e8b858f9e75a6ba3cd7923bf6
Link:
https://www.unpac.me/results/1a3f7fcf-73c6-4f74-aa95-9003dd87daec/
Malware family:
RedLine.E
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b2a4ea13b351/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b2a4ea13b351447af3be84f9ec6825e685ab8ad2d45a290f14e3c2261c628627

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe b2a4ea13b351447af3be84f9ec6825e685ab8ad2d45a290f14e3c2261c628627

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2687495/
Cape
Cape
https://www.capesandbox.com/analysis/428398/

Comments


Avatar
zbet commented on 2023-07-22 04:33:43 UTC

url : hxxp://87.121.47.63/lend/crypted123.exe