MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb63b3e2db3819a6b9d7a0c3e28157b8ba45c7ea6012ecb66ee6d7d18da62ff0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb63b3e2db3819a6b9d7a0c3e28157b8ba45c7ea6012ecb66ee6d7d18da62ff0
SHA3-384 hash: dbdc19518f535b1a1511e994ca287b9f53091557b4f95ec08f596675eeaa91162e887e436c11704c452189b5fdf3b566
SHA1 hash: 0042e99fb477e0b68831fcd7948ea46fa9c25993
MD5 hash: bbdb74f2c6542aeeb854b0f1a3962379
humanhash: stream-maine-wyoming-lion
File name:bbdb74f2c6542aeeb854b0f1a3962379
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:179'200 bytes
First seen:2022-07-14 07:22:40 UTC
Last seen:2022-07-14 07:50:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ed552dc65c8c57340ef42e7f59d7aec1 (2 x RedLineStealer)
ssdeep 3072:vqw26dxriPBJ8d+z12/5JUICTiSV/byO7e3TTYhAa6Yo/HKO/9Rs7Zu:z2AriETUVZDyO7e3TTYhR6lHKO/9Rs7Z
Threatray 6'240 similar samples on MalwareBazaar
TLSH T1E0048CB5B4CC88B1FA326931A6748797C62FFC610B5641F37B78482B4B581C09B35AE7
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
bbdb74f2c6542aeeb854b0f1a3962379
Verdict:
Malicious activity
Analysis date:
2022-07-14 07:27:24 UTC
Tags:
trojan rat redline
Link:
https://app.any.run/tasks/0839ca2c-65b7-4c86-bed4-be13e3f8d10f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/288798/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Steam.28827.26484.472.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Steam.28827.15759.4456.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware
Link:
https://www.filescan.io/uploads/62cfc46701fde6ede6816491/reports/cd1246ac-1fe0-4c1f-a0f5-7668b589a55c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1031438
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb63b3e2db3819a6b9d7a0c3e28157b8ba45c7ea6012ecb66ee6d7d18da62ff0/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2022-07-14 07:23:07 UTC
File Type:
PE (Exe)
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xnr3hyw3ham2nooxudb6fakxxc5elr7kmajoznto43l5ddngf7ya._file
Verdict:
malicious
Similar samples:
157650a417bac6874b180b9e1603ce39347940c605ec3229d99771992c394ea5
RedLineStealer
1b6db2ff76f4564310210b20e13118f37c92e1ef46541b1aec6b5a98be598ae4
RedLineStealer
986b1e107fdcf5ba3eec492626b08ea3d4e2091931d10b196a11c790a6f43d0c
RedLineStealer
a11ac8d263cad1c1bf6b40bd22c71403027d9b7a7cd825055be91ba5e4bc9594
RedLineStealer
c31f0cfe9be1561ee878cc22c6af53a5cabeaaa5ef9868f13c2be72f638b5457
RedLineStealer
f62cebe556bf3cdac1deae1af87712ad928f25e95b6630973511903fcf889c37
RedLineStealer
+ 6'230 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220714-h7vw9acbfj/
Unpacked files
SH256 hash:
7231ce0a8779530197cf521ebeb7a84c2544b583d061ea88d20c1f2ffd796a31
MD5 hash:
3f040180d6af83f52c3e4f41787e2492
SHA1 hash:
dc933f69bc1d85391bfb7a73f1b646129eb8c489
Link:
https://www.unpac.me/results/c3fab2d4-1f5d-4a82-a837-a92939cc6d87/
SH256 hash:
bb63b3e2db3819a6b9d7a0c3e28157b8ba45c7ea6012ecb66ee6d7d18da62ff0
MD5 hash:
bbdb74f2c6542aeeb854b0f1a3962379
SHA1 hash:
0042e99fb477e0b68831fcd7948ea46fa9c25993
Link:
https://www.unpac.me/results/c3fab2d4-1f5d-4a82-a837-a92939cc6d87/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/bb63b3e2db38/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bb63b3e2db3819a6b9d7a0c3e28157b8ba45c7ea6012ecb66ee6d7d18da62ff0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address
Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe bb63b3e2db3819a6b9d7a0c3e28157b8ba45c7ea6012ecb66ee6d7d18da62ff0

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2257226/
Cape
Cape
https://www.capesandbox.com/analysis/288798/

Comments


Avatar
zbet commented on 2022-07-14 07:22:44 UTC

url : hxxp://incotel.com.pk/10/data64_1.exe