MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bafabb4721aa53307b5339d148014334d98976134a6896471577878bc5732dda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 8


SHA256 hash: bafabb4721aa53307b5339d148014334d98976134a6896471577878bc5732dda
SHA3-384 hash: 7f115e317dcc979e88b7aa5d689ef8b7c88266f55df8345caa198e053f357ff2ba1b948e5225c515a3b2d9fe9b299894
SHA1 hash: 09cbe64ec6a5dec39e6d1c743d8e619d06c77c05
MD5 hash: 953fcf7b3ffbc73f4b33786d0f113664
humanhash: glucose-zebra-single-dakota
File name: 953fcf7b3ffbc73f4b33786d0f113664
Signature: RedLineStealer
File size: 168'960 bytes
First seen: 2021-10-13 21:34:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2122adc88eb6e103fbc7dbe6426ed12d (1 x ArkeiStealer, 1 x DanaBot, 1 x RedLineStealer)
ssdeep: 3072:PVJryuQJJMQvCBehTu3EPoS9D98aShyuyjh34Oz:jryzkGCEPVx98aCAh34O
Threatray: 74 similar samples on MalwareBazaar
TLSH: T18AF3AE20F2D1C4BEC4A716709C658BF25AFBB821567492CB77A8377E1F603C05A7A316
dhash icon: 81bcdcac9cccb48c (4 x RaccoonStealer, 3 x Smoke Loader, 3 x RedLineStealer)
Reporter: zbetcheckin
Tags: 32 exe RedLineStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 316
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 953fcf7b3ffbc73f4b33786d0f113664
Verdict: No threats detected
Analysis date: 2021-10-13 21:53:56 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: phis.evad
Score: 80 / 100
Signature
Contains functionality to inject code into remote processes
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies Chrome's extension installation force list
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Azorult
Status: Malicious
First seen: 2021-10-12 21:39:46 UTC
AV detection: 11 of 28 (39.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SHA256 hash: f147472617d014e1ac9640069046ce091472b2528414f5fd1deb68bec87e6281
MD5 hash: 36f7b8ac26f4982057b43ce2592cee19
SHA1 hash: 2aae67f854dc3a210cf55c6062f4e8b9934676b7

SHA256 hash: bafabb4721aa53307b5339d148014334d98976134a6896471577878bc5732dda
MD5 hash: 953fcf7b3ffbc73f4b33786d0f113664
SHA1 hash: 09cbe64ec6a5dec39e6d1c743d8e619d06c77c05
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
Sample: Executable exe bafabb4721aa53307b5339d148014334d98976134a6896471577878bc5732dda (this sample)
Distributed via web download
