MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb1e09e5affb73670be3ba3a7d66a0a2f5df01cb81d8b6b2cd7cde41a5fed5c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 12

Intelligence 12 IOCs 2 YARA 4 File information Comments

SHA256 hash:	cb1e09e5affb73670be3ba3a7d66a0a2f5df01cb81d8b6b2cd7cde41a5fed5c5
SHA3-384 hash:	1882da0922e75b6dc55fb50b64933285b6aa4a15adc92032d0cab7df176f00c38475fe60c923216853d4226abca59f67
SHA1 hash:	8ca78530e6c4f2cd757bf248228f4b92a1b8bc61
MD5 hash:	2db25c548ca7fc4da4b93079e1b96d3b
humanhash:	lima-kilo-rugby-ink
File name:	34grewg.bin
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	1'006'080 bytes
First seen:	2021-11-07 15:08:03 UTC
Last seen:	2021-11-07 17:18:08 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	24576:Srw2QUEnVjWB3mpBziCk7/d2liM6kt8+eSsz9AxEcjd+q:SUiEVj62LuCWaiM6ktPacp+q
Threatray	1'761 similar samples on MalwareBazaar
TLSH	T1CF25236863DC8B22F3B95BB1A45105C712B1F14D7601CB974FC2E0AE2E7BF6256137A2
Reporter	Anonymous
Tags:	exe RedLineStealer

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
185.215.113.99:21438	https://threatfox.abuse.ch/ioc/244756/
185.215.113.205:65531	https://threatfox.abuse.ch/ioc/241664/

Intelligence

File Origin

# of uploads :

# of downloads :

146

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

HYPIXEL BYPASS CLIENT 2021.zip

Verdict:

Malicious activity

Analysis date:

2021-11-07 15:02:26 UTC

Tags:

covid19 trojan rat redline stealer

Link:

https://app.any.run/tasks/bb6beadf-3bcb-4c22-abf1-55e8d1117df8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/203043/

Detection(s):

SecuriteInfo.com.IL.Trojan.MSILZilla.4694.60.28967.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm hacktool obfuscated packed redline

Link:

https://www.filescan.io/uploads/6187ebd52084b424af0e1edf/reports/6afc4fe6-ab43-491b-8695-d2a65ea5a618/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

RedLine stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/97eae39e-961d-4249-a134-79aa6064203e

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/884806

Signature

Connects to many ports of the same IP (likely port scanning)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cb1e09e5affb73670be3ba3a7d66a0a2f5df01cb81d8b6b2cd7cde41a5fed5c5/

Threat name:

ByteCode-MSIL.Trojan.Zilla

Status:

Malicious

First seen:

2021-11-07 14:35:59 UTC

AV detection:

17 of 45 (37.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zmpatznp7nzwoc7dxi5h2zvaul256aolqhmlnmwnptpedjp62xcq._file

Verdict:

malicious

RedLineStealer

069834c0109d17508121653ab6d19d1a00bd6e0fb27e2248b0da94dffd517cb4

RedLineStealer

0a7f5f666fb7a1cdda25353191ddaced97674f596af7230d58af2ee14ea14819

RedLineStealer

27c106e7c9e455f880849d79759df345d2117aa2e2357696dabb51bc11adce8b

RedLineStealer

3ca3ef048fd26e03a002f3fc9d80ecf27621dd27643857cfdac7c60c26d36a27

RedLineStealer

67228357df0053ec56765be0497d449042da5b6bef5ce9b580d3ab8089bbb4cf

RedLineStealer

9da4464ac8fdee6fae8131950ed946eb252685d9829b4c8cc5dff6ef2fad07a2

RedLineStealer

d06f2c1e45f62b363834c1ed0bd33fcbcc3ba26b2c8075717b1ff124f273c4b5

RedLineStealer

+ 1'751 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline

Link:

https://tria.ge/reports/211107-shwscsadg7/

Behaviour

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

cb1e09e5affb73670be3ba3a7d66a0a2f5df01cb81d8b6b2cd7cde41a5fed5c5

MD5 hash:

2db25c548ca7fc4da4b93079e1b96d3b

SHA1 hash:

8ca78530e6c4f2cd757bf248228f4b92a1b8bc61

Link:

https://www.unpac.me/results/d700d110-928f-4f40-a824-1ade5dc27293/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Redline

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cb1e09e5affb73670be3ba3a7d66a0a2f5df01cb81d8b6b2cd7cde41a5fed5c5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	MALWARE_Win_RedLine Create hunting rule
Author:	ditekSHen
Description:	Detects RedLine infostealer

Rule name:	pe_imphash Create hunting rule

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/203043/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample