MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcd0816d97ffba1d11214540f3bf25344f835281fdd67edba638054527833222. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature:         RedLineStealer
Vendor detections: 8


SHA256 hash:   bcd0816d97ffba1d11214540f3bf25344f835281fdd67edba638054527833222
SHA3-384 hash: 6cf16bc60e03693e3b5a39374baaafcf7838d9f355400ae7334243998d0c348c056545237bb864ab227ed0ef4118d4ee
SHA1 hash:     9cee146023b52d4377bd157cc05caf64f981cfce
MD5 hash:      d01e0cb5d8f6eac9504932b126d458ff
humanhash:     freddie-item-monkey-jig
File name:     d01e0cb5d8f6eac9504932b126d458ff.exe
Signature:     RedLineStealer
File size:     343'552 bytes
First seen:    2020-11-01 07:02:13 UTC
Last seen:     Never
File type:     Executable exe
MIME type:     application/x-dosexec
imphash:       db3802718577016d6baf61be6dea2da3 (1 x RedLineStealer)
ssdeep:        6144:l+uU0rfKc33K5PLvq3mhLF3QM9+Jd0fMk68j4P3mK:l+HDcq5zq3mL3Cn0f9jot
TLSH:          B774BE1036A0D136C363443C5861C6A0553BFC21ED77C9877BDCAF3B2EB26A15AB6396
Reporter:      abuse_ch
Tags:          exe RedLineStealer

Intelligence

File Origin
# of uploads:   1
# of downloads: 141
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict:        Malware
Behaviour:
  Sending a UDP request
  Launching the default Windows debugger (dwwin.exe)
  DNS request

Result
Verdict:        MALICIOUS
Details:        Windows PE Executable
                Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:    RedLine
Detection:      malicious
Classification: troj.spyw.evad
Score:          80 / 100
Signature:
  Detected unpacking (changes PE section rights)
  Detected unpacking (overwrites its own PE header)
  Found many strings related to Crypto-Wallets (likely being stolen)
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
  Yara detected RedLine Stealer
Behaviour:      Behavior Graph

Result
Threat name:    Win32.Trojan.Glupteba
Status:         Malicious
First seen:     2020-10-29 03:02:32 UTC
AV detection:   25 of 29 (86.21%)
Threat level:   5/5

Result
Malware family: agenttesla
Score:          10/10
Tags:           family:agenttesla keylogger spyware stealer trojan
Behaviour:
  Suspicious use of AdjustPrivilegeToken
  Suspicious behavior: EnumeratesProcesses
  Program crash
  AgentTesla Payload
  AgentTesla
Unpacked files:
  SHA256 hash: bcd0816d97ffba1d11214540f3bf25344f835281fdd67edba638054527833222
  MD5 hash:    d01e0cb5d8f6eac9504932b126d458ff
  SHA1 hash:   9cee146023b52d4377bd157cc05caf64f981cfce

  SHA256 hash: a935af0e14ad10d8591569ce98e29eefcfeb998b95c8c5b3178955d90fba89aa
  MD5 hash:    f573b258b495be49e687745842efa68b
  SHA1 hash:   10d86badd96c7a9f497d60c27f49902f53412cfd
  Detections:  win_redline_stealer_g0

  SHA256 hash: 2fef421ae8720252567e5091fa539fd68729b0dfc29ac1a40f9183d015b7502b
  MD5 hash:    e2eca3c7c392a01db7d40a64f6c786c9
  SHA1 hash:   61dd5b9d3a5a857c6485c13ad830013b8be7c837

  SHA256 hash: 1877eda439ece2ace37cd6482acbf181eb9a795ec57c2f2b950ffd2a61a82e37
  MD5 hash:    fac3807d239ef7ae2a8135469daad0f5
  SHA1 hash:   bcecd6f00439da653dd20ef6ccef660244de31c2
  Detections:  win_redline_stealer_g0

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature:       RedLineStealer
File:            Executable exe bcd0816d97ffba1d11214540f3bf25344f835281fdd67edba638054527833222 (this sample)

Delivery method: Distributed via web download
