MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 18


Intelligence 18 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e
SHA3-384 hash: 8714f4ae87c9bf7255419945d4b5cbc53d2b5be71a0ef1274a0d2242a6db8cc0ab9d3034912bb1f682a4d96bede60113
SHA1 hash: 37bbb5782c0604fa1e29614e5ac05325fbcfc400
MD5 hash: f48349e7dfc25d0d5adfea8ea1277e74
humanhash: jig-bakerloo-four-idaho
File name:f48349e7dfc25d0d5adfea8ea1277e74.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'171'968 bytes
First seen:2023-05-14 03:15:14 UTC
Last seen:2023-05-14 18:46:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 24576:WyDmehoycwUQ8052Sy9Tc4g47ri1yeH2bXN3wmvYbRDLHGxBXs5xyi+:lDmeUwUQ57y9Tc4gpmjNXYbRVei
Threatray 2'896 similar samples on MalwareBazaar
TLSH T16F452307A2D48472D8E56FF449B347A30A37BCA1DC7CA7964B85A84A0CB36D476307B7
TrID 67.3% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
10.6% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
5.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
4.4% (.SCR) Windows screen saver (13097/50/3)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
File icon (PE):PE icon
dhash icon f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
http://95.214.27.98/cronus/index.php

Intelligence

File Origin
# of uploads :
4
# of downloads :
352
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
f48349e7dfc25d0d5adfea8ea1277e74.exe
Verdict:
Malicious activity
Analysis date:
2023-05-14 03:17:38 UTC
Tags:
redline
Link:
https://app.any.run/tasks/c12900e3-0fa5-4f33-8484-ec96292af1f4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/389291/
Detection(s):
Sanesecurity.Malware.28840.BadO.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Agent.EAOQ.26295.2066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Launching a service
Creating a file
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Blocking the Windows Defender launch
Disabling the operating system update service
Unauthorized injection to a recently created process
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/84086/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
advpack.dll CAB confuserex installer packed packed rundll32.exe setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/64605272e68f9cbce80c4bcb/reports/46e61630-7afc-4309-abff-698913de2b24/overview
Verdict:
Malicious
Labled as:
HEUR/AGEN.1323756
Link:
https://www.hybrid-analysis.com/sample/c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RedLine stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/53428ac9-df4a-439f-baef-a38326d20b5b
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1232545
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
C2 URLs / IPs found in malware configuration
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 865523 Sample: 633phGmyE5.exe Startdate: 14/05/2023 Architecture: WINDOWS Score: 100 45 Found malware configuration 2->45 47 Malicious sample detected (through community Yara rule) 2->47 49 Antivirus detection for dropped file 2->49 51 7 other signatures 2->51 9 633phGmyE5.exe 1 4 2->9         started        12 rundll32.exe 2->12         started        14 rundll32.exe 2->14         started        16 rundll32.exe 2->16         started        process3 file4 41 C:\Users\user\AppData\Local\...\z7792445.exe, PE32 9->41 dropped 43 C:\Users\user\AppData\Local\...\s9260414.exe, PE32 9->43 dropped 18 z7792445.exe 1 4 9->18         started        process5 file6 33 C:\Users\user\AppData\Local\...\z7586914.exe, PE32 18->33 dropped 35 C:\Users\user\AppData\Local\...\r0657057.exe, PE32 18->35 dropped 53 Antivirus detection for dropped file 18->53 55 Multi AV Scanner detection for dropped file 18->55 57 Machine Learning detection for dropped file 18->57 22 z7586914.exe 1 4 18->22         started        signatures7 process8 file9 37 C:\Users\user\AppData\Local\...\p7836416.exe, PE32 22->37 dropped 39 C:\Users\user\AppData\Local\...\o9242050.exe, PE32 22->39 dropped 59 Antivirus detection for dropped file 22->59 61 Multi AV Scanner detection for dropped file 22->61 63 Machine Learning detection for dropped file 22->63 26 o9242050.exe 9 1 22->26         started        29 p7836416.exe 22->29         started        signatures10 process11 signatures12 65 Antivirus detection for dropped file 26->65 67 Machine Learning detection for dropped file 26->67 69 Disable Windows Defender notifications (registry) 26->69 71 Disable Windows Defender real time protection (registry) 26->71 31 WerFault.exe 24 9 29->31         started        process13
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2023-05-14 03:16:09 UTC
File Type:
PE (Exe)
Extracted files:
115
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7igbsihjtffl2pajvq5bsxt3wmtjnc55xmjblk2gieaekrvijpa._file
Verdict:
malicious
Similar samples:
0f91f82218d734d2f86b6a1fa0b6c8743e031caf1ce6481e138201309eaf224f
RedLineStealer
127331248be3658c2f1156be9b8df2462ae511a94f73d3251f76ff294424b2cb
RedLineStealer
28d3195daf8b48fa262cc9be185e9dd402f79be472874b4070dd0516744b8a63
RedLineStealer
8003e04f598f75df475bebdafb8b1702c4bdff87067b6554942a795a50c5bb73
RedLineStealer
86de0eece0f433c1dad9c51b60a11e39346f6da14ad576d78bd72600d963f80a
RedLineStealer
8c6d489d8ecdd838af163fa9d7dca54122213cb7344e14496966c69e707f556c
RedLineStealer
aa3a84d69bd27931f0e7aeda5ff5cb4f7780644c2bb59bc1c374470c8109d2da
RedLineStealer
e97c547cced7e272f3695066bf3086013be74e24a21bf7bbb9302982edf255ce
RedLineStealer
f984811ca20f0022a21840ccd29a68b8a39d44569b4ecdb9634405e4f404af57
RedLineStealer
fda782d36cbd967d0c3f037110e2419d4676af0a089648fb8c6f8656e97fdb83
RedLineStealer
+ 2'886 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:luka botnet:terra discovery evasion infostealer persistence spyware stealer trojan
Link:
https://tria.ge/reports/230514-dsf3bsae57/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Launches sc.exe
Suspicious use of SetThreadContext
Adds Run key to start application
Checks installed software on the system
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Windows security modification
Modifies Windows Defender Real-time Protection settings
RedLine
Malware Config
C2 Extraction:
185.161.248.75:4132
Unpacked files
SH256 hash:
ec5691b05799648974ed0b811c9555c798b060cc26ced2700f53ecb556964448
MD5 hash:
a3b2b71167f20c5ef769e462b69086fb
SHA1 hash:
64a09d547cce7481f0d315223471b79bb8f97b26
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
SH256 hash:
46ec1c254853fa110a563d58a2c336671e003271394d170901b1779ebe0a0b54
MD5 hash:
c8cc801b85a28338687b92acec9ec813
SHA1 hash:
585895b0395c59c233af8f78003f55f25c12c622
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
SH256 hash:
f4118141f772d469066b1285f99e2cfd940f20677683b89ba85c8b44ec98c3b6
MD5 hash:
8b0aced39e275f156c6936c73000549b
SHA1 hash:
5657c526c8224cb4e93c24b396a07f8eac7ff5f2
Detections:
Amadey
Create hunting rule
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
Parent samples :
44c3a8da0ab137fdd6abd7cfb31627364b6b7610d0e3dd9604b03cc80d4f537b
d55f720efd4af3475edb05cafeda438cfd8dbd71366da7b187ba2c954258b5ce
813ce0745e3eb323b9c8371f145f33feacb64471b8fcf03f39dbd3ff25564774
56317cdb9e3688fb9c7bcd37f5ef6c435e5d06a64d46c35dfe92a92821750fc1
c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e
cbe41193bc11dca56d056b7eb34b0691768e42f53d78750d6efeb9d28143ba5e
bcebcb224dbe8bd0777174ae719cb70657a7feb1a19207098bd84d3209da5d49
bd1260616f7472d2f310cc65cb4701746b499d943a7a5fa4c01f7fe0a4ddc304
bd57c9f6dadc4c62d7208db52f903c29aea6ff09f400cfa75a9851cc1aea427f
bf6596759ea62723d53032294de97c753fa51b46db9b49ff16cf14bdbef671f4
c046a3ab7b078de30ac65626becc7ed08f88c78aa94b0073f5d857d394edb9d3
c1ee5908dd2d0273bb18b08f0dcabe2a4614d894d69e81420a565be0f0c69ab0
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92
c46e12e7a08cfd17858543a034ae370ec8d3568c99e92d50913af07b365ca804
c62650b32d272546189183d4fe29418d58772a33c686a483589f03c2eb5ee2ef
c865344a337f66669c895acfc0d7aba9cf3d3998eb9cbb5c9825aa33d749f887
c91b34e20d6e23a75ce79c51bd6536f0366b759730476b0d6fdd2346efa04839
cb44d697cd120c0f9098e0b9b7faf2f5f67d5f426dfb225db47ee62684e45443
cc518ef8ab82d3cba40b797a5f6eacf36e7adae85589bb19de6a7e4687c2c119
ccb7d56726bf4f0ca6e15a21e49f35795cc56c101f4fb73e81f92e5d359c383f
d163b94088173bed10583e7faaa1213414dc07bc191560258eec01752edb87f2
d2588dacdad3a98e0860815d179a3b1a3db3f0eb2f6d8c96a1bbb72ad6746c52
d4dc7c680d5f51c46cf9e481bb985983751568bff4e7ce9dec1ad4367456862d
d4f7cf3a18686482f4f291c5a6fea4167e94a8bdaddd123a7998eff4c684c90b
d685952efbbd0aaf4155529b459c57cd3dd1d175419fa85fe4c2a4d7163fde45
d6860a6523e88ee8f973f45731e45b66902188f9ebea7debbcbbf9e1081e5b91
d89994b944d7f411b207f0d39b39f5310b6c8bae77561fb48a30c71449fc559c
dc0d7d5fba6ac5cf9a83f5ad5c5519c3a622cd2aea74324a6a26c4b60cfb14d9
dd4f68077b2a4a74f21d8853cd68c222c6084e93ec059c07069bd1cd9bce3fc6
e03a9e1e1776e4b867750ce2fedb93d2cea0b843b570e62839c16e451a8ca9bc
e196972679d31597c23fd5d24d6cf341abf8a8c5d3ad5c7b677d81db11f54377
e1c1f35c0befb6a2e46e18b28ad1f0b9dcf963706aa0d78e26e2aa76fc93c65f
e2ced1a635687dbe9b4ba8643db8c072696b952bc51310dc1e33b776b5651233
e3e82c868b618e76a560f315097bf6fe9ba10c909abb1b51aad942a16a9c525b
e72524b767d99a436abbea479aadcb7588c1e7e498955432aca2a54344f7093a
e8746a37d1389b3c1d722c790501d9e5f9a8c94af218dccceb17eaae05975bde
ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3
ed571035b1c4cf8101e899022e35ded1ef5b84459d1f3c2be7f5d37a7b3781e3
f253afd3fe057085b30cb4cfd5c0a027a4bfebe58812279ac469a48fc57be139
f67f0dbce979330570d7cd60dea97c59919c3496b09c4485a2ad2c1fe9f04ccd
fd9ba5fdb9c7a11812ef8aed5ef7afda54bed718c57f83e2dc39463348594c2c
fe2b1b0feaa71d353720ba9872a3f74979194d47214457ae430d6e5a4104b8ad
ff6f9e2634dbeeeaded817e008e7dbe487c316a7546093de3fee20dfbc21b4bf
5186b8b15914efa186c1d5141a15b8fe6a5dce062583cc0c17e839dd170f011d
412bd8c4546d08c9c75382080465565edbddc407221934823da9bf4ff123d115
ce9782e93e8f68a9cf4b8b810707e1e03dcca7f0f20468c16262a04aafe0d238
1c5177fb42c882a050c42f17c50369c995afd1e508e625408b56808add5d7379
ac15e8a71bd22b0baa16d9e4b221ce5b35350131eadb5a05f06c40983becbe9b
7a9aa6351156d2fc4db012247c813ead641df257369e140e040e3cea95233c31
b56eca4a9950a689b2946758f15c2911b865a1f06b73439f67d5de6d9ca601ca
5f61f3547f1936ef781e7acfb92205123aff9222eb881ef1af1f77fee0298f65
SH256 hash:
e94031e265104f8f9093764a555ef0e119df7a26e4c30601fb03e06ee72d4918
MD5 hash:
5f00c1746ebae73f3c9a2fc2c6f7c796
SHA1 hash:
6351480ced3ae0788c4c3cf22b3f2f9cc079c2d2
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
SH256 hash:
2ef85b52a69715b3c837738c28f68bc4f34a4f6dd46756a9bbde672ace712be0
MD5 hash:
0a555128f2347a5506ccb93b1ae6a982
SHA1 hash:
590c866c6ebb736c17304a399dd431a623c3003b
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
SH256 hash:
be44c9fd9a25f4331521b1fe16fe6d59c58488f60ab33588c8ac947b172aa192
MD5 hash:
3576cbf587ccbae0350ac4088becffe2
SHA1 hash:
55b1aba6048e982132c582087e9a1494413ead16
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
SH256 hash:
9029b318d534baf10dac69a31ac536328475165ff85b74610ee7ccc58727c03e
MD5 hash:
73c697b19ff210db91bfffc22d473238
SHA1 hash:
6a4773211881a853ee0df15bd6b2481b9f444212
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
SH256 hash:
c7c7a514fe456cfa50f3f087d1be3f2825bbeeb27935c6673b105b82eac3d7fe
MD5 hash:
deb22ad1341863ee15e81dc3923e297e
SHA1 hash:
f50d891f82ee8b4b2a944e682873dabdc3b4eea8
Detections:
redline
Create hunting rule
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
Parent samples :
44c3a8da0ab137fdd6abd7cfb31627364b6b7610d0e3dd9604b03cc80d4f537b
d55f720efd4af3475edb05cafeda438cfd8dbd71366da7b187ba2c954258b5ce
813ce0745e3eb323b9c8371f145f33feacb64471b8fcf03f39dbd3ff25564774
56317cdb9e3688fb9c7bcd37f5ef6c435e5d06a64d46c35dfe92a92821750fc1
c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e
cbe41193bc11dca56d056b7eb34b0691768e42f53d78750d6efeb9d28143ba5e
bcebcb224dbe8bd0777174ae719cb70657a7feb1a19207098bd84d3209da5d49
bd1260616f7472d2f310cc65cb4701746b499d943a7a5fa4c01f7fe0a4ddc304
bd57c9f6dadc4c62d7208db52f903c29aea6ff09f400cfa75a9851cc1aea427f
bf6596759ea62723d53032294de97c753fa51b46db9b49ff16cf14bdbef671f4
c046a3ab7b078de30ac65626becc7ed08f88c78aa94b0073f5d857d394edb9d3
c1ee5908dd2d0273bb18b08f0dcabe2a4614d894d69e81420a565be0f0c69ab0
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92
c46e12e7a08cfd17858543a034ae370ec8d3568c99e92d50913af07b365ca804
c62650b32d272546189183d4fe29418d58772a33c686a483589f03c2eb5ee2ef
c865344a337f66669c895acfc0d7aba9cf3d3998eb9cbb5c9825aa33d749f887
c91b34e20d6e23a75ce79c51bd6536f0366b759730476b0d6fdd2346efa04839
cb44d697cd120c0f9098e0b9b7faf2f5f67d5f426dfb225db47ee62684e45443
cc518ef8ab82d3cba40b797a5f6eacf36e7adae85589bb19de6a7e4687c2c119
ccb7d56726bf4f0ca6e15a21e49f35795cc56c101f4fb73e81f92e5d359c383f
d163b94088173bed10583e7faaa1213414dc07bc191560258eec01752edb87f2
d2588dacdad3a98e0860815d179a3b1a3db3f0eb2f6d8c96a1bbb72ad6746c52
d4dc7c680d5f51c46cf9e481bb985983751568bff4e7ce9dec1ad4367456862d
d4f7cf3a18686482f4f291c5a6fea4167e94a8bdaddd123a7998eff4c684c90b
d685952efbbd0aaf4155529b459c57cd3dd1d175419fa85fe4c2a4d7163fde45
d6860a6523e88ee8f973f45731e45b66902188f9ebea7debbcbbf9e1081e5b91
d89994b944d7f411b207f0d39b39f5310b6c8bae77561fb48a30c71449fc559c
dbe683197f6a83939cbc1b0f212eeb76a0f714b67ccefd264452928e1232a629
dc0d7d5fba6ac5cf9a83f5ad5c5519c3a622cd2aea74324a6a26c4b60cfb14d9
dc12c4a904161e71e11c66421513be3c6714944bc8c0d7521d395879c361e213
dd4f68077b2a4a74f21d8853cd68c222c6084e93ec059c07069bd1cd9bce3fc6
e03a9e1e1776e4b867750ce2fedb93d2cea0b843b570e62839c16e451a8ca9bc
e04e5d101d0d716311b6b71e2958c3493199b14d787f0da6b22a84b78f71e93a
e196972679d31597c23fd5d24d6cf341abf8a8c5d3ad5c7b677d81db11f54377
e1c1f35c0befb6a2e46e18b28ad1f0b9dcf963706aa0d78e26e2aa76fc93c65f
e29a3d17ce56a890473462e4ba1babb97061fe6f2f41d14db3da72dfe5ddcb8a
e2ced1a635687dbe9b4ba8643db8c072696b952bc51310dc1e33b776b5651233
e3e82c868b618e76a560f315097bf6fe9ba10c909abb1b51aad942a16a9c525b
e495614edb892fe7b0ed7749f34a7679c48109a84a95e39d6cc66d8592b0692d
e72524b767d99a436abbea479aadcb7588c1e7e498955432aca2a54344f7093a
e8746a37d1389b3c1d722c790501d9e5f9a8c94af218dccceb17eaae05975bde
ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3
ec5e496a96609c27c8adc62ca27fa259c308c366ff3a662e7135103324db67c1
ed571035b1c4cf8101e899022e35ded1ef5b84459d1f3c2be7f5d37a7b3781e3
ef48c240d1a67e93969aba12340d03dfec37a2ba656e12cfd4951469ee23ed3e
f253afd3fe057085b30cb4cfd5c0a027a4bfebe58812279ac469a48fc57be139
f2ce5991176a97cc5689dfb920c255b77de2e221d0f25ccecae5254a40a6d1fc
f67f0dbce979330570d7cd60dea97c59919c3496b09c4485a2ad2c1fe9f04ccd
fd9ba5fdb9c7a11812ef8aed5ef7afda54bed718c57f83e2dc39463348594c2c
fe2b1b0feaa71d353720ba9872a3f74979194d47214457ae430d6e5a4104b8ad
ff6f9e2634dbeeeaded817e008e7dbe487c316a7546093de3fee20dfbc21b4bf
5186b8b15914efa186c1d5141a15b8fe6a5dce062583cc0c17e839dd170f011d
SH256 hash:
c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e
MD5 hash:
f48349e7dfc25d0d5adfea8ea1277e74
SHA1 hash:
37bbb5782c0604fa1e29614e5ac05325fbcfc400
Link:
https://www.unpac.me/results/c20e6516-dead-4d07-a748-73052af9e11d/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c7d060c9074c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe c7d060c9074cca55e9e04d61d0caf3dd9934b45dedd890ad5a3208022a35425e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2631490/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/389291/

Comments