MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2db54f8f45967432942f6985d3090e6065f2ec26b6fe33868b4178403d5d4b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs 1 YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2db54f8f45967432942f6985d3090e6065f2ec26b6fe33868b4178403d5d4b3
SHA3-384 hash: 65347170d60596a535c66708acc041a3c563b917c8f9cbdffd33e97a5e5ea2b7b1b5b107ff5b711e80d8812d7165eadd
SHA1 hash: 5aebf4802e7508ebc6c3a5ad32d37c87e460e1e2
MD5 hash: 53c89255ec986446d454f56a2f40460b
humanhash: four-california-jig-zebra
File name:53c89255ec986446d454f56a2f40460b.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:396'288 bytes
First seen:2021-06-17 20:50:43 UTC
Last seen:2021-06-17 21:34:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 136b2a08509d43e19ab48f1d5496644a (14 x RedLineStealer, 1 x CryptBot)
ssdeep 6144:ys7csIzxHCOdxAD3F9dog59ptcW0zBkjR884UK6gj7tYS0+FxDtnzCxU:RIVHCOdxAD3FoE9EzCK826ixYsFxQa
Threatray 766 similar samples on MalwareBazaar
TLSH 3F84BF10FA90C034F5F622F85ABA93B9A52C3AB0572451CF62D52EEE4A346F0ED31757
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
49.12.74.247:8765

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
49.12.74.247:8765 https://threatfox.abuse.ch/ioc/131112/

Intelligence

File Origin
# of uploads :
2
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
53c89255ec986446d454f56a2f40460b.exe
Verdict:
No threats detected
Analysis date:
2021-06-17 20:55:47 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/994037d2-102d-4c8e-bb6a-d17aa6755879

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/166650/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.30611.31499.20359.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9788323b-3120-482e-a0d1-cf99b324d039
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/803971
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2db54f8f45967432942f6985d3090e6065f2ec26b6fe33868b4178403d5d4b3/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2021-06-17 08:34:43 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wlnvj6hulftugkkc62mf2meq4ydf6lwcnnx6godiwqlyia6v2szq._file
Verdict:
malicious
Similar samples:
2e492cb7c8adba1e0e44b44c212802c8e891f0300d93060691e39f4f986da044
RedLineStealer
67a5268f8ca46f703598ccc0170a70427417edea4a57954f5a460cc25b9f65f4
RedLineStealer
77fd8a8115cbe67260e932a87098d056ba4a30f7cd866cff3041ccb8c28e36b3
RedLineStealer
89b97ece95a497b43579a58fcc7d459aac71a20a392fe7731209ea68bc614015
RedLineStealer
8e5283f78afa3601d399dc37cd0a857e7792e52c5d85ad52f50f15732260254a
RedLineStealer
9c4589b45940c81fcc8722fa0f96f4b583995df1324a327eefbc276448ea4725
RedLineStealer
ad4fdfae7fcaa4464c67695dc43ba48ae0aa1209db04c92f5a4d11e2976895e4
RedLineStealer
b9b172003da4364527e6fd11d03ef5ae1e503a3fb92b16f2261284746960844e
RedLineStealer
c1660be567af85e39a3b088ca612280e32a4eb0c61b4a2d7131cee65ef163edc
RedLineStealer
dfde5ef88e75505217bfdd4641bd69d48a1145e64bb46e519300b65c95e3f0d5
RedLineStealer
+ 756 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline infostealer
Link:
https://tria.ge/reports/210617-6n7rkw5p8j/
Behaviour
Suspicious use of AdjustPrivilegeToken
RedLine
RedLine Payload
Unpacked files
SH256 hash:
8f0a036f4f2889d39ea84cf51bbb6746d33dcde06aa4bec8aa8fe5555ba7c37f
MD5 hash:
afafd5e48be3bb1e322dcdd85bea18b3
SHA1 hash:
fdcde764a23a4346114f90bf930da3aa1f500e37
Link:
https://www.unpac.me/results/6968f60a-320a-411b-8e3e-f9ae224a94be/
SH256 hash:
f373b1bf2a2c657117304839f7cc6b6ac2f3fc65884500a03a5464ecd06acfbc
MD5 hash:
ea332580258a5aeec9ea467cb94aa1ae
SHA1 hash:
f398809f5a866397cee9d293b900b6836645ae1e
Link:
https://www.unpac.me/results/6968f60a-320a-411b-8e3e-f9ae224a94be/
SH256 hash:
4a9df169a429315c53c793a05293a599fc8c9ab2c5fa669c2b1e9b7c7f1c69be
MD5 hash:
9f5ab07db6eb9a72411cf900cdfd0b20
SHA1 hash:
8b0fc5f488cc8c665e66489b5cafe92643495511
Link:
https://www.unpac.me/results/6968f60a-320a-411b-8e3e-f9ae224a94be/
SH256 hash:
b2db54f8f45967432942f6985d3090e6065f2ec26b6fe33868b4178403d5d4b3
MD5 hash:
53c89255ec986446d454f56a2f40460b
SHA1 hash:
5aebf4802e7508ebc6c3a5ad32d37c87e460e1e2
Link:
https://www.unpac.me/results/6968f60a-320a-411b-8e3e-f9ae224a94be/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b2db54f8f45967432942f6985d3090e6065f2ec26b6fe33868b4178403d5d4b3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekshen
Description:Detects RedLine infostealer

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe b2db54f8f45967432942f6985d3090e6065f2ec26b6fe33868b4178403d5d4b3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1368369/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/166650/

Comments