MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd332eaa29f31b1ab7066a231fc87376208766088f5c43c7f19ed41c51439cfa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd332eaa29f31b1ab7066a231fc87376208766088f5c43c7f19ed41c51439cfa
SHA3-384 hash: 39bbcd88314b7fb2fb232dac964fa785aa136646ac870488f7b48e1165f28c8226b6ef4cd56ce9b3543329406742d067
SHA1 hash: 318c16a34ed6fb5f5fe8034b000ccc66fa38206b
MD5 hash: 6ad0ed3f45e1e29e3899c7c7be87816d
humanhash: pluto-colorado-north-stairway
File name:6ad0ed3f45e1e29e3899c7c7be87816d.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'427'440 bytes
First seen:2022-03-11 17:04:41 UTC
Last seen:2022-03-11 19:17:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 979a7092e29dab1d65a2d51b108b10ff (1 x RedLineStealer)
ssdeep 24576:E5kMqJh+P6f+9F/Lufe/+4AsXceaV65wxD0khEt2CUgl7W/1:E5pnP1LUa2ceVcwR52xW/1
Threatray 1'233 similar samples on MalwareBazaar
TLSH T14A65E01D9270AF8FC394BF776691FE6516F05A7688281D5FB823072BF4B36078906227
File icon (PE):PE icon
dhash icon f0e8666e7c168ee9 (1 x RedLineStealer)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
Setup_x32_x64.exe
Verdict:
Malicious activity
Analysis date:
2022-03-11 01:02:26 UTC
Tags:
evasion trojan rat redline socelars stealer loader opendir backdoor dcrat vidar
Link:
https://app.any.run/tasks/39274772-01ec-4804-bf86-75f8baef1aba

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/249543/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.12924.27345.29163.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/622b8148dfdfa8501c8cd8ad/reports/ab0620c9-b473-4dee-b7ab-34266cb8551d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1d2f2108-a57b-4c77-bc66-2ac0cbff5692
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/955036
Signature
Connects to many ports of the same IP (likely port scanning)
Detected unpacking (changes PE section rights)
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd332eaa29f31b1ab7066a231fc87376208766088f5c43c7f19ed41c51439cfa/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2022-03-11 04:56:09 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2d02f6088d94bc1176408e49f1f91f36008eac6bb8f25170b7024e8a60394805
RedLineStealer
7e5dcedbf137cbd90cc7dd9b1eac1849143498a1a0a4f39a296f4490056fd716
RedLineStealer
8bcb157f0ca97d9dddf83e0f0bc6448c7fb82dc522f3cb77bdeae68e01b173e0
RedLineStealer
8c3ef73edfa0ae05e257b02ade9d540c736426d9fa20eb8a923a1acb0d4cb72c
RedLineStealer
b5d887de13d81a6062fe20732f4d6304f094f856d19228b05368fc58fddd1462
RedLineStealer
c0cadcd931ea86f62b006b2d15b95dac7b81d4df23641f60f70aa9ae286d17bc
RedLineStealer
+ 1'223 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline infostealer
Link:
https://tria.ge/reports/220311-vlv2caadd9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
RedLine
RedLine Payload
Unpacked files
SH256 hash:
e0198d9be37ecf4adfe70b3915d4fe0ebe41144ba9f5741b5fc268b9a9b46000
MD5 hash:
854b3339024c1d35c3867c05cf754d59
SHA1 hash:
fb2a4e80d76e6f1d166e34b5a52fbcaf0a8b4cf6
Link:
https://www.unpac.me/results/0d04fba4-0c8f-41ce-b20d-30c565ac308d/
SH256 hash:
dd332eaa29f31b1ab7066a231fc87376208766088f5c43c7f19ed41c51439cfa
MD5 hash:
6ad0ed3f45e1e29e3899c7c7be87816d
SHA1 hash:
318c16a34ed6fb5f5fe8034b000ccc66fa38206b
Link:
https://www.unpac.me/results/0d04fba4-0c8f-41ce-b20d-30c565ac308d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dd332eaa29f31b1ab7066a231fc87376208766088f5c43c7f19ed41c51439cfa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe dd332eaa29f31b1ab7066a231fc87376208766088f5c43c7f19ed41c51439cfa

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1862409/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/249543/

Comments