MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d65af40d1d5ec1d645856dce1e82c0dd7bf2649f8cb8433414e632784600971c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 10



SHA256 hash: d65af40d1d5ec1d645856dce1e82c0dd7bf2649f8cb8433414e632784600971c
SHA3-384 hash: 0c098037281141a4ac3eabe0cf5a50b90e5d42c3faaee4c2e5c90cd3e384003019459958af61dc631fffcedd3b6ba236
SHA1 hash: 2916539936926f84ffe6ca49f4ff5d81f08f455d
MD5 hash: ae4578eee167dcd60472f2e1faaf2ce3
humanhash: carolina-twelve-delaware-lake
File name: ae4578eee167dcd60472f2e1faaf2ce3.exe
Signature: RedLineStealer
File size: 1'708'768 bytes
First seen: 2022-03-23 20:01:59 UTC
Last seen: 2022-03-25 07:10:11 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6dac63c7d3ffde0be5101e255111f557 (1 x RedLineStealer)
ssdeep: 49152:YOTFxahDguyJh/aQ6dIXjwLrvkyq+3L5e:YOTFIh/yJhiQ668X8aL5e
Threatray: 841 similar samples on MalwareBazaar
TLSH: T1AF85332461F6AD32C9537178C0B38EAE9D84F315B52F67E1402D7CAC38AC9976CB69C4
dhash icon: f0f0f0f0e8f0f072 (1 x RedLineStealer)
Reporter: abuse_ch
Tags: exe RedLineStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 203
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Searching for analyzing tools
Searching for the window
Creating synchronization primitives
DNS request
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Reading critical registry keys
Query of malicious DNS domain
Sending a TCP request to an infection source
Stealing user critical data
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: overlay packed shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Stealer
Verdict: Malicious
Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-03-22 16:09:31 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 26 (88.46%)
Threat level: 5/5
Result
Malware family: redline
Score: 10/10
Tags: family:redline discovery infostealer spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Unpacked files
SHA256 hash: 8d9991c793c6a144f28cdb658532f37a2c8c82f3036f214a9d16b5a2813ff590
MD5 hash: a06335b2440afe1af71d570dfe8558e3
SHA1 hash: 9e5f64789d1778d003135b48e302af332d99b71d
SHA256 hash: d65af40d1d5ec1d645856dce1e82c0dd7bf2649f8cb8433414e632784600971c
MD5 hash: ae4578eee167dcd60472f2e1faaf2ce3
SHA1 hash: 2916539936926f84ffe6ca49f4ff5d81f08f455d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Signature: RedLineStealer
File type: Executable exe
SHA256 hash: d65af40d1d5ec1d645856dce1e82c0dd7bf2649f8cb8433414e632784600971c (this sample)
Delivery method: Distributed via web download
