MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d048d1f750a42a6ec45af4ea95fa97161f5d69e178b5c8cd467ddb1bb2fd69a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d048d1f750a42a6ec45af4ea95fa97161f5d69e178b5c8cd467ddb1bb2fd69a1
SHA3-384 hash: ed306bf8f2a66e5e817634d8fd0b892b4809ebbee5a9017b77a7b11477845bedcf25baeebf3acf586dbb48ce0c7953e9
SHA1 hash: c8c83972ea0d33f0bb1ba3d9876b5dc64deee6c3
MD5 hash: cc9cc11e3c84685f61f029aa5e67771d
humanhash: autumn-jupiter-alanine-london
File name:cc9cc11e3c84685f61f029aa5e67771d
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'130'048 bytes
First seen:2022-03-09 20:40:43 UTC
Last seen:2022-03-09 22:50:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a6dd62d0926765a235772eb148b8ae30 (1 x RedLineStealer)
ssdeep 24576:iWQhlcR+QoQa65HEwr6/YoDSvCls2jDEc8VjxXRxMRKyk:iWQ3QoQa61Ewr6bf9DD8RVMM
Threatray 4'851 similar samples on MalwareBazaar
TLSH T157353322BB8729D9C334DA311CA49140B9D791D7C2FA8734BB4DB269CE5C242EFC54E6
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/248894/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.12356.19944.16539.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/622910e4dfdfa8501c823e7c/reports/9c697c86-1692-48e2-88fe-91dbb0add0e6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/108c19c6-9f44-4918-bab8-ea0c0bd8e32f
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/953680
Signature
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Performs DNS queries to domains with low reputation
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d048d1f750a42a6ec45af4ea95fa97161f5d69e178b5c8cd467ddb1bb2fd69a1/
Threat name:
Win32.Trojan.RedLineStealer
Create hunting rule
Status:
Malicious
First seen:
2022-03-03 11:08:05 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1047472f591363c130eaf88e078bf0772d1fda785c7d4c38d6bfa528eee1689e
RedLineStealer
2fec7b4ea47561285e6f6136a1df0d4c60342567be0ab0d3fba37f4bf9f3049e
RedLineStealer
423603734e03a0601620dfa8522bbddfc14de5418da253167f46f3a14cca4979
RedLineStealer
6087cbea917f0062401149be475a2d9440d00ce2a962d3be3b16f26264729233
RedLineStealer
a2556ce4f6a53ac6e63f597e9fe1671bc3d65d6b0b2af5ff3824a890f99cd9aa
RedLineStealer
b3f667f58a55d5ac01ff96469902697502e52e3a82079a6b3adcce5af28d4be1
RedLineStealer
f4e287439a21158230026a83cead6e14fce27dd6527976fbd480a00260b98fbd
RedLineStealer
+ 4'841 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:smurf1 infostealer
Link:
https://tria.ge/reports/220309-zge7jsbfh5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
RedLine
RedLine Payload
Malware Config
C2 Extraction:
xabigyarall.xyz:80
Unpacked files
SH256 hash:
1b70632bce3d9d55ba99f2bf7c71d72e0a4f779c30764a06e86d25d0b5bbda29
MD5 hash:
270464005acbd8614d98d2384692ed1c
SHA1 hash:
a0ec3099378b5f9cbf3f5a71a27139ae072a9d7c
Link:
https://www.unpac.me/results/2b11a4d3-6d0f-4698-8ae8-1e07e3016cf7/
SH256 hash:
d048d1f750a42a6ec45af4ea95fa97161f5d69e178b5c8cd467ddb1bb2fd69a1
MD5 hash:
cc9cc11e3c84685f61f029aa5e67771d
SHA1 hash:
c8c83972ea0d33f0bb1ba3d9876b5dc64deee6c3
Link:
https://www.unpac.me/results/2b11a4d3-6d0f-4698-8ae8-1e07e3016cf7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d048d1f750a42a6ec45af4ea95fa97161f5d69e178b5c8cd467ddb1bb2fd69a1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe d048d1f750a42a6ec45af4ea95fa97161f5d69e178b5c8cd467ddb1bb2fd69a1

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2086583/
Cape
Cape
https://www.capesandbox.com/analysis/248894/

Comments


Avatar
zbet commented on 2022-03-09 20:40:47 UTC

url : hxxp://file-coin-coin-10.com/files/6960_1646221184_5075.exe