MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e262f732e6d4044a870708484deec118f9dfc2ddc5681bba97246c6e1d215b73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 16


Intelligence 16 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e262f732e6d4044a870708484deec118f9dfc2ddc5681bba97246c6e1d215b73
SHA3-384 hash: 0db1d964e4e15e75d13446ee0c574c1944089b7a46f9d0dd9fc4dd15daa8eff8e269da6568f36ee368cde88f82d8e350
SHA1 hash: 8aabb5acfa58db7371bb8581b204a6885bd22d5e
MD5 hash: c451d6b2607bb91b2afc4f7441c23044
humanhash: echo-robert-double-orange
File name:e262f732e6d4044a870708484deec118f9dfc2ddc5681.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:386'560 bytes
First seen:2022-04-15 20:15:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 93d269edc227d0c1d6f3aa0ec57cecc8 (2 x RedLineStealer)
ssdeep 6144:vMGxufPJH4VXfePdfxGBAeIkVquojERG+4sdo3/+piuO0ENmkTgS3:0pPJYVXfefGaNlBERG+li/+kupamkD
Threatray 5'806 similar samples on MalwareBazaar
TLSH T14684D080BBB0D03DE4B752F4797682A8793A7DA15B7450CB22D276EE16386E0DC7530B
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 1e65656565a58558 (2 x RedLineStealer, 2 x RiseProStealer, 1 x Mercurial)
Reporter abuse_ch
Tags:exe RedLineStealer


Avatar
abuse_ch
RedLineStealer C2:
91.237.235.17:45742

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
91.237.235.17:45742 https://threatfox.abuse.ch/ioc/520287/

Intelligence

File Origin
# of uploads :
1
# of downloads :
350
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
e262f732e6d4044a870708484deec118f9dfc2ddc5681.exe
Verdict:
Malicious activity
Analysis date:
2022-04-15 20:16:51 UTC
Tags:
redline
Link:
https://app.any.run/tasks/965fab11-f069-4cd0-be33-bc06754a0989

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
RedLine
Create hunting rule
Link:
https://www.capesandbox.com/analysis/264025/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.32841.973.8918.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/13988/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
azorult greyware packed
Link:
https://www.filescan.io/uploads/6259d282eab80a7a6c1f23bb/reports/f2709afc-5fdd-401a-a076-73a4c4fa54a6/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dff8e08a-299c-49ef-88e4-c586d46ce54e
Result
Threat name:
RedLine
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/977536
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e262f732e6d4044a870708484deec118f9dfc2ddc5681bba97246c6e1d215b73/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2022-04-15 17:47:55 UTC
File Type:
PE (Exe)
Extracted files:
22
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4jrpomxg2qcevbyhbbee33wbdd457qw5yvubxouxerwg4hjblnzq._file
Verdict:
malicious
Similar samples:
34114068f879bb490e6ea528cf7f05cfc2af45c9fc020d6a8695ca0500ea2f2d
RedLineStealer
54d96050623da680c1b70f337ad421212655f7172d22b95c7953135bf89d55f0
RedLineStealer
9b7899a6be0827fe4b1fa337172f144fe707067d18cbc003d9cb6333cf22914b
RedLineStealer
b111141595018d6980a609315f572f827d7fa913454a785eebc7376019ece195
RedLineStealer
b54930e793f340f807ab2492ea8dd18263ff267706e9b31ac4ce71e9c5fa7c4c
RedLineStealer
ca073d12918385962188c80d05b26317f391a0b5aef037ba84f9cf26c5ae3d8d
RedLineStealer
+ 5'796 additional samples on MalwareBazaar
Result
Malware family:
redline
Create hunting rule
Score:
  10/10
Tags:
family:redline botnet:fc_15_b discovery infostealer spyware stealer
Link:
https://tria.ge/reports/220415-y14htaefgj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine Payload
Malware Config
C2 Extraction:
91.237.235.17:45742
Unpacked files
SH256 hash:
5cdbb305985512db927b89ab2ac726131d069bd67ced8e84d2e9f199cc84f06f
MD5 hash:
c2597e94a81086bba900053c36cc6583
SHA1 hash:
ea9c967ca5b596347357cb68bf5cb9b7c1877130
Link:
https://www.unpac.me/results/39ee180c-2108-4ef5-a0ab-1ead364585c3/
SH256 hash:
36a13f1140f95777756227304b28499a42a19c554e8c50f2d4b68ed9fd77250a
MD5 hash:
e8309b0751c801f089a0ef3ad06e49e6
SHA1 hash:
47815ea77253622eb272468928d77fc3d708fc73
Link:
https://www.unpac.me/results/39ee180c-2108-4ef5-a0ab-1ead364585c3/
SH256 hash:
9aaa97b8008997de9f3a9fe2458af435c7d1eedb6ed3ce3137a4edb1cfe6747c
MD5 hash:
e847b304409537fc3fe0fc920cf5fcc2
SHA1 hash:
3494031345be6983331907f846dfe00179e1b09a
Link:
https://www.unpac.me/results/39ee180c-2108-4ef5-a0ab-1ead364585c3/
SH256 hash:
e262f732e6d4044a870708484deec118f9dfc2ddc5681bba97246c6e1d215b73
MD5 hash:
c451d6b2607bb91b2afc4f7441c23044
SHA1 hash:
8aabb5acfa58db7371bb8581b204a6885bd22d5e
Link:
https://www.unpac.me/results/39ee180c-2108-4ef5-a0ab-1ead364585c3/
Malware family:
RedNet
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e262f732e6d4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e262f732e6d4044a870708484deec118f9dfc2ddc5681bba97246c6e1d215b73

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/264025/

Comments