MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d88b3cb4fe652017e6a8e3143af21c21ababa2c16db181efd36efda1d3459c4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d88b3cb4fe652017e6a8e3143af21c21ababa2c16db181efd36efda1d3459c4d
SHA3-384 hash: 366ec9b690acf4fc05983de958e1780d0947fd14b2fd417c46f87c7db47a45e504af6053f5decf77b8150b345dc37d92
SHA1 hash: aabcf7d0988c8fca23b6f85dd4f3012535ca6755
MD5 hash: 1de542e8919bc484f92edbe7d7f51acc
humanhash: lemon-four-speaker-oranges
File name:1de542e8919bc484f92edbe7d7f51acc.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:7'254'791 bytes
First seen:2023-07-12 09:10:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6011984d7c1f1b97a34d7517a498bff8 (8 x RedLineStealer, 5 x STRRAT, 3 x LummaStealer)
ssdeep 98304:AcoBjotiAnIZZnV29vsgv19TBrHJWGs2NyqeoNE/7SRYY2VymGu/m6zHAlA64TRK:mjOpnIZa9nN9TVHJack+YlGlSRR0
Threatray 78 similar samples on MalwareBazaar
TLSH T1EB76F123B0DA14F1FA73D936B8925022353E9C8CE04629A92CF46ADFE473D285F47B55
TrID 36.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
19.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.4% (.EXE) Win64 Executable (generic) (10523/12/4)
7.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
5.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 71f09c9e8eccf071 (1 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
95.217.242.105:40309

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1de542e8919bc484f92edbe7d7f51acc.exe
Verdict:
Malicious activity
Analysis date:
2023-07-12 09:11:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b8729755-24c7-4791-a863-2087d4321b4e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/416755/
Detection(s):
SecuriteInfo.com.W32.ABRisk.FGDQ-5341.23608.26861.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Launching a process
Sending a custom TCP request
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
DNS request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/97261/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/64ae6e2658ac422b7cce1a22/reports/6b81316d-2565-41f1-807b-9c1f854dab5e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/d88b3cb4fe652017e6a8e3143af21c21ababa2c16db181efd36efda1d3459c4d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
OWASP
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/82ee74a7-b77f-4cd2-ab40-328d095966b7
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1271582
Signature
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1271582 Sample: PsLyynRLXF.exe Startdate: 12/07/2023 Architecture: WINDOWS Score: 64 21 Snort IDS alert for network traffic 2->21 23 Multi AV Scanner detection for domain / URL 2->23 25 Multi AV Scanner detection for submitted file 2->25 8 PsLyynRLXF.exe 2->8         started        process3 process4 10 javaw.exe 23 8->10         started        dnsIp5 17 imagestorage.top 194.87.82.254, 443, 49697 NFA-ASRU Russian Federation 10->17 19 192.168.2.1 unknown unknown 10->19 13 icacls.exe 1 10->13         started        process6 process7 15 conhost.exe 13->15         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d88b3cb4fe652017e6a8e3143af21c21ababa2c16db181efd36efda1d3459c4d/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3cftznh6muqbpzvi4mkdv4q4egv2xiwbnwyyd36tn362du2ftrgq._file
Verdict:
malicious
Similar samples:
0cc7883198df53af5b4e7d6b14204ea5ab51066a52031f8f814cedccc491bd9a
RedLineStealer
25db06aabf72392be5659c5e97f6202affc2601f2a49d37e73bd534d05f5b275
RedLineStealer
8f54b40666425ce85b4ff251e6e9b6d1942a069968b1b00935455c05b402c33d
RedLineStealer
b20112980114ed9a4db3420863e88e8e9f8f0237a07c63647544dbc79c8a54e7
RedLineStealer
b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1
RedLineStealer
cb876d17714563ab91449a20ca5c8dc8887b88cdc173067239c34805a096a237
RedLineStealer
cfb5c20ec8d95c35f7edb8743084d4491e43c62c575cf0102b4f6781c50689de
RedLineStealer
ec9c0d6142c588cb2f4c7c4142d3d4717120b722835b2315ce9c2a1d01d6fc10
RedLineStealer
+ 68 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230712-k5k1dadf6s/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
d88b3cb4fe652017e6a8e3143af21c21ababa2c16db181efd36efda1d3459c4d
MD5 hash:
1de542e8919bc484f92edbe7d7f51acc
SHA1 hash:
aabcf7d0988c8fca23b6f85dd4f3012535ca6755
Link:
https://www.unpac.me/results/1c7fda46-523d-47b4-825d-a7e0de997e0a/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/416755/

Comments