MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5388c7c2b3d1d1f78bf05fa921d08da77dbd95bda870dd6586ef454f1baf057. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 16

SHA256 hash: d5388c7c2b3d1d1f78bf05fa921d08da77dbd95bda870dd6586ef454f1baf057
SHA3-384 hash: 2841e2c29f2edf0de2970953b3915db6792f09fa711122bba31a64c0df30b0c6f1582e387423d62af9d34c2bb37597b9
SHA1 hash: c23eb6fd9e5ad95b0617e47636e4cccf1d50c199
MD5 hash: b38442ac9576002c1a86151bb7ff6314
humanhash: arkansas-ink-oscar-lion
File name: b38442ac9576002c1a86151bb7ff6314.exe
Signature: RedLineStealer
File size: 314'368 bytes
First seen: 2023-03-08 21:05:25 UTC
Last seen: 2023-03-08 22:40:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: eb7c24017bd43537a43eb41342fa9874 (6 x RedLineStealer, 4 x Amadey, 1 x Smoke Loader)
ssdeep: 6144:VoEoGkMU+A8zJ6PqyJ4F5frUIj5nPuxE11RlK:6vGk9+A8zJA7J4Fp3jpj1L
Threatray: 13 similar samples on MalwareBazaar
TLSH: T19E64D01293E37C60E27687714F3DF2F4262EFB515E6BEB9923145A1F08B11E18A63712
TrID: 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
      9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
      6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 916a6e6a6a6a6a70 (15 x RedLineStealer, 12 x Smoke Loader, 5 x Amadey)
Reporter: abuse_ch
Tags: exe RedLineStealer


abuse_ch
RedLineStealer C2:
193.233.20.28:4125

Intelligence


File Origin
# of uploads: 2
# of downloads: 228
Origin country: n/a

Vendor Threat Intelligence
Malware family: redline
ID: 1
File name: b38442ac9576002c1a86151bb7ff6314.exe
Verdict: Malicious activity
Analysis date: 2023-03-08 21:22:47 UTC
Tags: rat redline

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Stealing user critical data
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: greyware packed shell32.dll
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Malicious Packer
Verdict: Malicious

Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected RedLine Stealer
Behaviour
Threat name: Win32.Trojan.SmokeLoader
Status: Malicious
First seen: 2023-03-08 21:06:28 UTC
File Type: PE (Exe)
Extracted files: 26
AV detection: 17 of 25 (68.00%)
Threat level: 5/5

Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:mango discovery infostealer spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine payload
Malware Config
C2 Extraction: 193.233.20.28:4125

Unpacked files
SHA256 hash: c2300a9d90f2cdbe6538a2f96ffc482596ea493b3f2fbd9e107c3801f78a441f
MD5 hash: 1683f2c06f3e5f502ef6be243d3dd0eb
SHA1 hash: d154adc9e45ebbde89a40a6da5d78ae91a9a1d27
Detections: redline
Parent samples:
SHA256 hash: 9c3793b94df11d3a8a5b8d5a348709b005693ab9d1cdb9ee1491a695551929f9
MD5 hash: 617e9db1209c50d985dfe179459b69da
SHA1 hash: 617474188ca351ca66e1fd7bf757961d35c1522e
Detections: redline
Parent samples:
SHA256 hash: 80ab837385a18dee308ca63438e8e8fe558c132492a29b6cf1fa631d2aa323a1
MD5 hash: 0306584913ea55f3b5f06c09003e23af
SHA1 hash: 3b8e2bf425cfb423cea25c10c9813ee082c43bbd
SHA256 hash: d5388c7c2b3d1d1f78bf05fa921d08da77dbd95bda870dd6586ef454f1baf057
MD5 hash: b38442ac9576002c1a86151bb7ff6314
SHA1 hash: c23eb6fd9e5ad95b0617e47636e4cccf1d50c199
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MALWARE_Win_RedLine
Author: ditekSHen
Description: Detects RedLine infostealer

Rule name: Windows_Trojan_Smokeloader_3687686f
Author: Elastic Security

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
File type: Executable exe
SHA256: d5388c7c2b3d1d1f78bf05fa921d08da77dbd95bda870dd6586ef454f1baf057 (this sample)