MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b356b4e7b87f38a93032673a11fb91f5bd2a502f438e954ff1cb4a5b22afb98c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 16

SHA256 hash: b356b4e7b87f38a93032673a11fb91f5bd2a502f438e954ff1cb4a5b22afb98c
SHA3-384 hash: b48cdcc5f714edd2484f6835195ea230616e7a8b48b6fa6dc23b40cc50713d1ca185a428a9ce650b13bfc7be5970029c
SHA1 hash: c7b8bc84cd8c013c6b815b813e433815fd24f972
MD5 hash: 5301cccffcfaefe14b19354db0735cad
humanhash: timing-speaker-zulu-moon
File name: 5301cccffcfaefe14b19354db0735cad.exe
Signature: RedLineStealer
File size: 269'645 bytes
First seen: 2023-07-03 12:00:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a4a6d285c99bdb73e593491b15a4c14c (258 x RedLineStealer, 183 x Amadey)
ssdeep: 6144:uMo00wxD4QsuSTZrUDZsyXfj2aM7Y0+2:zDxBsuSTZrUltvj2x0H
Threatray: 461 similar samples on MalwareBazaar
TLSH: T14E44173D3A134532D9EA50727CFBD9CD6BAF664068E227F7154830FD1EC3A8415AB289
TrID: 38.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
      15.5% (.EXE) OS/2 Executable (generic) (2029/13)
      15.4% (.EXE) Clipper DOS Executable (2018/12)
      15.2% (.EXE) Generic Win/DOS Executable (2002/3)
      15.2% (.EXE) DOS Executable Generic (2000/1)
Reporter: abuse_ch
Tags: exe RedLineStealer


abuse_ch
RedLineStealer C2:
77.91.124.49:19073

Intelligence


File Origin
# of uploads: 1
# of downloads: 278
Origin country: NL
Vendor Threat Intelligence
Malware family: redline
ID: 1
File name: 5301cccffcfaefe14b19354db0735cad.exe
Verdict: Malicious activity
Analysis date: 2023-07-03 12:02:28 UTC
Tags: rat redline

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Searching for the window
Creating synchronization primitives
Using the Windows Management Instrumentation requests
Reading critical registry keys
Creating a file
Stealing user critical data
Sending a TCP request to an infection source
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
MalwareBazaar
MeasuringTime
CallSleep
CPUID_Instruction
SystemUptime
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware overlay packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected RedLine Stealer
Threat name: Win32.Trojan.RedLine
Status: Malicious
First seen: 2023-07-03 12:01:05 UTC
File Type: PE (Exe)
AV detection: 18 of 24 (75.00%)
Threat level: 5/5
Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:nowa discovery infostealer spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
Malware Config
C2 Extraction: 77.91.124.49:19073
Unpacked files
SHA256 hash: 4d517e812400372cfd51d9d5f5bb9dc2ddae06340c9ed683fb86e537b77aaf1d
MD5 hash: bae6967cebc5594c2cf95e01a767161c
SHA1 hash: 86f0bea3228b603daeb518d8bfc6bd6db36c631b
Detections: redline redline
Parent samples:
SHA256 hash: c9ae32e024f0fcdd828dcc530dc335d9b30b896075b999cd77abc54f57e46d8b
MD5 hash: 5ff37266b37528ef13038f52cfd8150a
SHA1 hash: 1d647ca627425fbc76cd30daa8e7f36edce81513
SHA256 hash: b356b4e7b87f38a93032673a11fb91f5bd2a502f438e954ff1cb4a5b22afb98c
MD5 hash: 5301cccffcfaefe14b19354db0735cad
SHA1 hash: c7b8bc84cd8c013c6b815b813e433815fd24f972
Malware family: RedLine.E
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_EXE_Packed_ConfuserEx
Author: ditekSHen
Description: Detects executables packed with ConfuserEx Mod
Rule name: INDICATOR_SUSPICIOUS_EXE_B64_Encoded_UserAgent
Author: ditekSHen
Description: Detects executables containing base64 encoded User Agent
Rule name: MALWARE_Win_RedLine
Author: ditekSHen
Description: Detects RedLine infostealer
Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: pe_imphash
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits
Rule name: redline_stealer_1
Author: Nikolaos 'n0t' Totosis
Description: RedLine Stealer Payload
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RedLineStealer
Executable exe b356b4e7b87f38a93032673a11fb91f5bd2a502f438e954ff1cb4a5b22afb98c (this sample)

Delivery method: Distributed via web download

Comments