MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 16


Intelligence 16 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
SHA3-384 hash: d9ab217e68683e55157fd5a749ba64da503506f3ffbc1cf9f39223b696427fd765cc8905b975702c996370e44bbcb250
SHA1 hash: 73f0c7558a803a1f5baaaac5291c67032ac3c45d
MD5 hash: 49eff33842dda3fcb861cfeeb65d7029
humanhash: magazine-ohio-wyoming-oklahoma
File name:d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:716'288 bytes
First seen:2025-12-08 14:57:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:ngZfSdz7hXIQ0K02IaRd9Xbk8JxrwLxLhIcH9hYd6vEgvWEu5fH2XdH:iSdHWd29FxrwxHH9hYwl+z5/kdH
Threatray 417 similar samples on MalwareBazaar
TLSH T186E4124E6EA5EBBAC92C0B378007780D86E74649F570F7AE6CD99DE50D24A91D80F203
TrID 69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.0% (.EXE) Win64 Executable (generic) (10522/11/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.2% (.EXE) Win32 Executable (generic) (4504/4/1)
1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika pebin
Reporter adrian__luca
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
HU HU
Vendor Threat Intelligence
Malware configuration found for:
DeepSea
Details
DeepSea
DeepSea decrypted strings
Link:
https://research.acce.ciphertechsolutions.com/results/bd538d4b-3c45-44b8-997a-8957b7ce04fc/
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
Verdict:
Malicious activity
Analysis date:
2025-12-08 19:17:41 UTC
Tags:
stealer ultravnc rmm-tool telegram exfiltration agenttesla ims-api generic
Link:
https://app.any.run/tasks/0139970f-73b9-4ea3-b7ed-b94ebcf9d0bd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/43255/
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6936e7d1881313558a2b8953
Tags:
shell virus micro lien
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
infostealer obfuscated packed stealer
Link:
https://www.filescan.io/uploads/6936e794d12d1c79d42accdb/reports/e9fb207e-1a38-4860-a2ad-5e1ce4bc3d1a/overview
Verdict:
Malicious
Labled as:
Genie.8DN.Generic
Link:
https://www.hybrid-analysis.com/sample/d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-11-13T23:33:00Z UTC
Last seen:
2025-12-09T18:38:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753/results?tab=lookup
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6201d465-554d-4c94-bde0-3a0188846ade
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.36 Win 32 Exe x86
Link:
https://app.malva.re/file/49eff33842dda3fcb861cfeeb65d7029
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753/
Threat name:
Win32.Trojan.InfostealerTesla
Create hunting rule
Status:
Malicious
First seen:
2025-11-14 02:21:07 UTC
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=25cgdbz7rwetcaga4qb4prvce32zt2sgb3ehfdqxccv25qjua5jq._file
Verdict:
malicious
Label(s):
unc_loader_001
Create hunting rule
agenttesla
Create hunting rule
unc_loader_037
Create hunting rule
xworm
Create hunting rule
Similar samples:
3d60993b1ca1c6786c9c2fe6c6b7c2574fcfa5e28101181f7c29c6c5ddf54c37
RedLineStealer
5937ec8f18e55b4cf85388c886992ecf7ada1a3a0ba17688e4fa6ecb2f9f81f6
RedLineStealer
a5a4a5447b51ed494efaaabe4359b3e674185659f491dc2202f4082fbf2e4db5
RedLineStealer
error
RedLineStealer
fa3214688079a8dae069fc05ff4f142417c15c0c4a949d0fd6640181c701a286
RedLineStealer
+ 407 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla discovery execution keylogger spyware stealer trojan
Link:
https://tria.ge/reports/251208-sbwh1se15f/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
AgentTesla
Agenttesla family
Malware Config
C2 Extraction:
https://api.telegram.org/bot8338381689:AAHY9G-ZqfCyXE5FRPzYoHIg4HrDCWBX1u4/
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/e18a6515-eb91-4179-b6ae-d95dfbb564b4
Unpacked files
SH256 hash:
d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
MD5 hash:
49eff33842dda3fcb861cfeeb65d7029
SHA1 hash:
73f0c7558a803a1f5baaaac5291c67032ac3c45d
Link:
https://www.unpac.me/results/2623da56-011d-4f50-9520-c312b7897e1c/
SH256 hash:
12742947dd3e8e37e4ef665d4b9f8e61ee3f5c4ea76c9dbbdbb4be6b746639e8
MD5 hash:
a028c2c8838413b9e7c980f3495feec6
SHA1 hash:
254c1c8232653afae338fbc12ff55ded2dfaa603
Detections:
win_samsam_auto
Create hunting rule
SUSP_OBF_NET_Reactor_Native_Stub_Jan24
Create hunting rule
MAL_Malware_Imphash_Mar23_1
Create hunting rule
MetaStealer_NET_Reactor_packer
Create hunting rule
MALWARE_Win_RedLine
Create hunting rule
Link:
https://www.unpac.me/results/2623da56-011d-4f50-9520-c312b7897e1c/
Parent samples :
3d60993b1ca1c6786c9c2fe6c6b7c2574fcfa5e28101181f7c29c6c5ddf54c37
1458ff285f336ebbbe603f0dfd583509196ce9808b0f1a318d2ec97766bc9615
218828c21b545913e8527389ce353dadb66e463c9e2e2c9c98d637153bd86db4
62e13d9a9ce92c9dddd05a616acb12d06cfe831804eab2537f77aaad11927882
b03a20f72bbafa480554ad04df45c09a7b6e558c9e2dd9eaaae92b61a3c9097b
0571d6e01dadf196d8ee4f5969a6c7849543176071e49c59808db83883a4bf37
486ea58428834b55490c2461263c3837c49fa6babe1ccfcefe8c4f52d6c7a93e
4af5db610edacc7a028990bf0c84a075d186b0f780d512601b353aebb0cafabd
d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
SH256 hash:
f1072fc3886abd33721261f863aacbdb43cff53f717b5077caad039836f2de41
MD5 hash:
fb1261157c3816e00e7577cdac5c8a72
SHA1 hash:
3c781a4aff2c219c81a25b5871d41d2456141aed
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/2623da56-011d-4f50-9520-c312b7897e1c/
SH256 hash:
f44a97ba959a2f1b2154d69c4d118fd16bc5608f7f1dcf4f36bd44c6543b3b9a
MD5 hash:
64a9dd1563f828735d8bb70617bd4d5a
SHA1 hash:
85cfa4ff543dc85b7c8247876c9a8bee99cd9091
Link:
https://www.unpac.me/results/2623da56-011d-4f50-9520-c312b7897e1c/
SH256 hash:
afb20ebed1c94e481f604c00da55157c999379612c5c6588b18e79288f963bc9
MD5 hash:
f730633792fc409a5c956f34d5bbac3a
SHA1 hash:
22aa15e1c527cf41d038f81062df44df8fa1ee89
Detections:
RedLine_Campaign_June2021
Create hunting rule
Agenttesla_type2
Create hunting rule
INDICATOR_EXE_Packed_GEN01
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID
Create hunting rule
Link:
https://www.unpac.me/results/2623da56-011d-4f50-9520-c312b7897e1c/
Parent samples :
3d60993b1ca1c6786c9c2fe6c6b7c2574fcfa5e28101181f7c29c6c5ddf54c37
1458ff285f336ebbbe603f0dfd583509196ce9808b0f1a318d2ec97766bc9615
218828c21b545913e8527389ce353dadb66e463c9e2e2c9c98d637153bd86db4
62e13d9a9ce92c9dddd05a616acb12d06cfe831804eab2537f77aaad11927882
b03a20f72bbafa480554ad04df45c09a7b6e558c9e2dd9eaaae92b61a3c9097b
0571d6e01dadf196d8ee4f5969a6c7849543176071e49c59808db83883a4bf37
486ea58428834b55490c2461263c3837c49fa6babe1ccfcefe8c4f52d6c7a93e
4af5db610edacc7a028990bf0c84a075d186b0f780d512601b353aebb0cafabd
d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
SH256 hash:
d2a02eb5e3ed9721d3fff3b9a335e432b478472a52b92916db86a27c247e49cd
MD5 hash:
339e790cf6f1cbb8697ba4ac8a6be442
SHA1 hash:
c3b50cc903d72a7c1ef06a26d44378a0f798ce75
Detections:
Agenttesla_type2
Create hunting rule
INDICATOR_EXE_Packed_GEN01
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID
Create hunting rule
Link:
https://www.unpac.me/results/2623da56-011d-4f50-9520-c312b7897e1c/
Parent samples :
3d60993b1ca1c6786c9c2fe6c6b7c2574fcfa5e28101181f7c29c6c5ddf54c37
1458ff285f336ebbbe603f0dfd583509196ce9808b0f1a318d2ec97766bc9615
218828c21b545913e8527389ce353dadb66e463c9e2e2c9c98d637153bd86db4
62e13d9a9ce92c9dddd05a616acb12d06cfe831804eab2537f77aaad11927882
b03a20f72bbafa480554ad04df45c09a7b6e558c9e2dd9eaaae92b61a3c9097b
0571d6e01dadf196d8ee4f5969a6c7849543176071e49c59808db83883a4bf37
486ea58428834b55490c2461263c3837c49fa6babe1ccfcefe8c4f52d6c7a93e
4af5db610edacc7a028990bf0c84a075d186b0f780d512601b353aebb0cafabd
d74461873f8d893100c0e403c7c6a226f599ea460ec8728e1710abaec1340753
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:MALWARE_Win_RedLine
Create hunting rule
Author:ditekSHen
Description:Detects RedLine infostealer
Rule name:MAL_Malware_Imphash_Mar23_1
Create hunting rule
Author:Arnim Rupp
Description:Detects malware by known bad imphash or rich_pe_header_hash
Reference:https://yaraify.abuse.ch/statistics/
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:win_samsam_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/43255/

Comments