MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbf8b13861ad9ae9876d690e9ec5c2853ece7305ac1dc30a403736e9d76f32e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 11

Intelligence 11 IOCs YARA 1 File information Comments

SHA256 hash:	dbf8b13861ad9ae9876d690e9ec5c2853ece7305ac1dc30a403736e9d76f32e5
SHA3-384 hash:	7e34f9e76d3e746b3dbf8d4a83da45f873bb9445a65f4e87c277e42ad26cd640eb626d447440a80d3741c105ad576146
SHA1 hash:	67502ca7e00d44f660d493aa2a6fcd62052b4fd9
MD5 hash:	1de9864d315c685084ffc092c5d3eb4f
humanhash:	beryllium-monkey-zebra-sink
File name:	1de9864d315c685084ffc092c5d3eb4f.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	339'968 bytes
First seen:	2021-10-02 15:53:54 UTC
Last seen:	2021-10-02 17:24:34 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	848a7504f9e97d3a5e7cf95079b638a5 (9 x RedLineStealer, 4 x RaccoonStealer, 3 x ArkeiStealer)
ssdeep	6144:Wv3pBGU9bPwiSpsMMvTnHC8yCBpmV5Q+9nebSI+oLAGGusX5:WfvL9bPopybCKmV5Q3lAGGP
Threatray	7'885 similar samples on MalwareBazaar
TLSH	T14574BE30A7E0C030F5B752F945BA93B9B8297EB19B2850CB53D42AEA56346F4DC30797
File icon (PE):
dhash icon	e0e8e8e8aa66a499 (32 x RaccoonStealer, 23 x RedLineStealer, 14 x ArkeiStealer)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

157

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

1de9864d315c685084ffc092c5d3eb4f.exe

Verdict:

Suspicious activity

Analysis date:

2021-10-02 15:55:58 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1980ec5f-391c-4289-89b5-be9e471866f8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/194209/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware2.21447.14628.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/cc4b8aae-9660-47a9-a71a-7dba7d15c978

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/863216

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dbf8b13861ad9ae9876d690e9ec5c2853ece7305ac1dc30a403736e9d76f32e5/

Threat name:

Win32.Backdoor.Tofsee

Status:

Malicious

First seen:

2021-10-02 15:54:28 UTC

AV detection:

18 of 45 (40.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=3p4lcodbvwnotb3nnehj5rocqu7m44yfvqo4gcsag43otv3pglsq._file

Verdict:

malicious

RedLineStealer

321d63317ced77342c3941d1eaeb6afda9399d15fe0716db550ebc2c793d4bb2

RedLineStealer

368a59033bc9effc4ca64d325c7d3c20e45b7f49deb138d7d532335037f81223

RedLineStealer

4db1b043b67049d92f8e96c2db44daebaf453d9ee832eacdc6c9401cf77b5c36

RedLineStealer

6c37269f0433c2184fd46355e7e2cab1c4cb397d285d3653ab9aa30ebacb30b0

RedLineStealer

7b440bf2809f46380e48a7d4f5d8644f457734f628a5cd86cb07e8af17d03354

RedLineStealer

9bd5b5a4861e70c75a4d065c9d324b46cb880021a4feb524632b9b50a80b1163

RedLineStealer

a60659139ff3a9e6a4a482e060e301c83a25a02227308f6f572d79cc95c63dce

RedLineStealer

ac907c58399649af9014f1bda35513f6de3527f699a7e927d17127136df440c3

RedLineStealer

d4bcfc7eac31ab3310de4fe8feb66dc6e1d9555493722b50c6fab5d03c4f290d

RedLineStealer

+ 7'875 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:pub infostealer

Link:

https://tria.ge/reports/211002-tb73gsefbk/

Behaviour

RedLine

RedLine Payload

Malware Config

C2 Extraction:

45.9.20.20:13441

Unpacked files

SH256 hash:

7de1f501c6f4edfbb3e61dda5d445b4482235420e19cd3e193ae3be26d374367

MD5 hash:

858ebd87027f4c3adcb5e2c59ec5161c

SHA1 hash:

f758ceef9690fb7430c910fcffd71c0cdb456834

Link:

https://www.unpac.me/results/7ebeb1f0-7577-4be4-8239-8c6eaf931e8f/

SH256 hash:

541526a7b80a64b50c770517545d25c0515a146c3ddc5600a65d91cfdaf5e3a0

MD5 hash:

d964fece1f6eade1b3b0ab1ca479d7e1

SHA1 hash:

cf6948b22255272da7d81e38a936ee90b95c17ee

Link:

https://www.unpac.me/results/7ebeb1f0-7577-4be4-8239-8c6eaf931e8f/

SH256 hash:

4e04bba712969aa15782d796bd66233e30de2ceb2fd6f23f8ec88b64b4857636

MD5 hash:

26e6a498e6fdb35574c6a6e51e0b7d1c

SHA1 hash:

394bd2b1362a1fe2fb96cc69971fa08c43bcbf14

Link:

https://www.unpac.me/results/7ebeb1f0-7577-4be4-8239-8c6eaf931e8f/

SH256 hash:

dbf8b13861ad9ae9876d690e9ec5c2853ece7305ac1dc30a403736e9d76f32e5

MD5 hash:

1de9864d315c685084ffc092c5d3eb4f

SHA1 hash:

67502ca7e00d44f660d493aa2a6fcd62052b4fd9

Link:

https://www.unpac.me/results/7ebeb1f0-7577-4be4-8239-8c6eaf931e8f/

Malware family:

RedLine.A

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/dbf8b13861ad/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/dbf8b13861ad9ae9876d690e9ec5c2853ece7305ac1dc30a403736e9d76f32e5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.