MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb1e7498dcbe72083463d95b8479c4182c1d90adfc1fd4b03b200850247798ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb1e7498dcbe72083463d95b8479c4182c1d90adfc1fd4b03b200850247798ee
SHA3-384 hash: c51fb8199fe160cafee774c2f2e1f7e3ec1893ea781214ad56b270db6e1ec5e5ddd34d06c7cff5fa871e734aa8323ff8
SHA1 hash: a5918c93cb596fae8bbc394c88fbc22b72c2b6ae
MD5 hash: 7635612baefd7799eec7ff0bfeb5d68b
humanhash: carolina-white-minnesota-iowa
File name:Architectural Design of Villa A50.bat
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:95'364 bytes
First seen:2023-03-09 02:51:31 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/plain
ssdeep 1536:4gNbKMcrLYOsgZqDUgucWhX8Oot3XuqTthtcLIkI1M+iNnQVc49WVLN:4dPUO9ZqDUDcWhbaH5IIbK+TcemLN
Threatray 273 similar samples on MalwareBazaar
TLSH T1DF930221EE389C95EC4223FBB86ADE15023B7984B57C40E6BB52CD3F49AFF1444C8894
Reporter 1ZRR4H
Tags:bat RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
CL CL
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
Architectural Design of Villa A50.bat
Verdict:
Malicious activity
Analysis date:
2023-03-09 02:54:04 UTC
Tags:
rat redline
Link:
https://app.any.run/tasks/e975fc3f-4766-4269-acfc-3253ddd2e219

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Other.Malware-gen.7800.24387.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
75%
Link:
https://www.filescan.io/uploads/640949d3f1a68c396b2df6b3/reports/b2dc5b37-4035-40e2-aa7d-7d26bbe50a93/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/cb1e7498dcbe72083463d95b8479c4182c1d90adfc1fd4b03b200850247798ee
Result
Verdict:
UNKNOWN
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1190003
Signature
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb1e7498dcbe72083463d95b8479c4182c1d90adfc1fd4b03b200850247798ee/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-03-01 13:46:18 UTC
File Type:
Text (Batch)
AV detection:
2 of 39 (5.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zmphjgg4xzzaqndd3fnyi6oedawb3efn7qp5jmb3eaefajdxtdxa._file
Verdict:
malicious
Similar samples:
5455441cf085fe5e5c605e6870fadd4f47f215d4525e23f5b75eaabec8cf3705
RedLineStealer
579532a04b63aac5992010d56fa6cc982855b194d9782f5cfff3b063192a94d0
RedLineStealer
8a59fe8ca31ce4abde54d02705f65ed0d788e384e0d5c05441971f4d1fef5b34
RedLineStealer
a2cbf70ab3ebedd2c768816596fade8e94d1dd0d6025001ac59a71860e45b808
RedLineStealer
b6c8d4806e4080ddee5a5b5ff6f3f12074fae9bd31464a147c7ac6851755ca4c
RedLineStealer
dc6226d88472e78b79c967c3d151400f1b6e69d7618efd430b64d35b2e20df2e
RedLineStealer
+ 263 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/230309-dcqltshb6z/
Behaviour
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Malware family:
RedLine.E
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/cb1e7498dcbe/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cb1e7498dcbe72083463d95b8479c4182c1d90adfc1fd4b03b200850247798ee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

RedLineStealer

Batch (bat) bat cb1e7498dcbe72083463d95b8479c4182c1d90adfc1fd4b03b200850247798ee

(this sample)

RedLineStealer

Executable exe 8bb08b19068f3c8b97454ff72b8624ed58fe884387fcf30356dc5a0153a008fb

  
Dropping
SHA256 8bb08b19068f3c8b97454ff72b8624ed58fe884387fcf30356dc5a0153a008fb
  
Dropping
MD5 f66cead6f614e129a93a3f2aee342165

Comments