MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3dc88957f69ac53592f805873d387d17843db4ec0a0fa3dfd833f0a7a4d387a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 14

Intelligence 14 IOCs YARA 1 File information Comments

SHA256 hash:	e3dc88957f69ac53592f805873d387d17843db4ec0a0fa3dfd833f0a7a4d387a
SHA3-384 hash:	e1b5d3d1845dd12e7f1e4e41900a524587ae4c514d476ff4b670feab2ff6f1e7f8b10d74b674f21657c4fe03b1e73a8a
SHA1 hash:	860520196bbb54e8ed18e4644394c9ca7826bc20
MD5 hash:	ee903fe5cda8fc7a0305c6b374de5f69
humanhash:	snake-hamper-arkansas-emma
File name:	ee903fe5cda8fc7a0305c6b374de5f69.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	456'192 bytes
First seen:	2021-10-15 07:44:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fca1d58205e9c77175b87324501ec95c (1 x RedLineStealer, 1 x RaccoonStealer, 1 x Smoke Loader)
ssdeep	12288:CXUhm4mpWJexbM9uRA9TD2Smm4l4l/JQauB:qUhvJeI59TCm5b
Threatray	95 similar samples on MalwareBazaar
TLSH	T1A7A4BF10F6A0C035F1F312F95AB5A368A53E7AA0A73494CF62D41AEE5734AE1EC31357
File icon (PE):
dhash icon	ead8ac9cc6a68ee0 (93 x RedLineStealer, 50 x RaccoonStealer, 15 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

206

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ee903fe5cda8fc7a0305c6b374de5f69.exe

Verdict:

Suspicious activity

Analysis date:

2021-10-15 07:52:13 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2d041e3e-3bfc-4494-b1e7-d5e44101608c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/197692/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61693186fd35fe780c426d58/reports/0ed5a028-4879-4adc-a6f1-df5ef4b3137c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1a63a6e8-b8f2-4978-9843-4f5a3a40e0eb

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/870998

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e3dc88957f69ac53592f805873d387d17843db4ec0a0fa3dfd833f0a7a4d387a/

Threat name:

Win32.Trojan.Jaik

Status:

Malicious

First seen:

2021-10-15 07:45:10 UTC

AV detection:

25 of 44 (56.82%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4poirfl7ngwfgwjpqbmhhu4h2f4ehw2oycqpupp5qm7qu6snhb5a._file

Verdict:

malicious

RedLineStealer

5c4ed9fd9a7d3408b9a7d39b5c14ac9ca1ea516026f3ad2a5ace2dffc92cf220

RedLineStealer

63111192795dce2d1f91e5065f9878da7e3a0f025e284f96130bebda1b11ffe7

RedLineStealer

6c0a4f788136a3d56f31efaa5c0cf49b5769dced978a8ed0e45dc64ba766cadf

RedLineStealer

800346e0531230e0cde13dad6e6795fbf298fdc95c97481f6c28c4a1043227ce

RedLineStealer

957818fe99ed9cbbbd5c7a1da5af7fe3db3f7623e19ab47c932076df855eb0c1

RedLineStealer

f880f1bdad4b6022e1ec7de81fdd9276f023dee04c56068698e88db70038886a

RedLineStealer

f8c47fd2c8c26ffb7475a9286df27a5e7f35a496d9671351be629deaf16818b4

RedLineStealer

+ 85 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline infostealer

Link:

https://tria.ge/reports/211015-jlfe4sbddl/

Behaviour

RedLine

RedLine Payload

Unpacked files

SH256 hash:

812d22db0abce8906a7a609aef3f59aaebb4626e0dd0f44bd36d718f68f2263e

MD5 hash:

e184239452cabec16de4a09a34b353a5

SHA1 hash:

8f947aa469c447166b4f3fce61286d9a5322a29e

Link:

https://www.unpac.me/results/0a1ce9dc-b359-41ec-9c49-d9cac8b9e065/

SH256 hash:

3cd4177a5b9b119c62aab910d122c8b5de267734215debcffe440977c7fe8561

MD5 hash:

fb27ef4e747074ac183bf467478974b6

SHA1 hash:

70dbdb7d34da43d74129e0c8f705bb16b312ef7b

Link:

https://www.unpac.me/results/0a1ce9dc-b359-41ec-9c49-d9cac8b9e065/

SH256 hash:

9e60163586be81d2127bb480b84f19e57a6b5275097ccaea640c9aade6c87493

MD5 hash:

3d14606c7adcf5931c21f0bd546821de

SHA1 hash:

2f2bd9c7ae31f1596d0139ca54d029c2bd908a45

Link:

https://www.unpac.me/results/0a1ce9dc-b359-41ec-9c49-d9cac8b9e065/

SH256 hash:

e3dc88957f69ac53592f805873d387d17843db4ec0a0fa3dfd833f0a7a4d387a

MD5 hash:

ee903fe5cda8fc7a0305c6b374de5f69

SHA1 hash:

860520196bbb54e8ed18e4644394c9ca7826bc20

Link:

https://www.unpac.me/results/0a1ce9dc-b359-41ec-9c49-d9cac8b9e065/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/e3dc88957f69/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e3dc88957f69ac53592f805873d387d17843db4ec0a0fa3dfd833f0a7a4d387a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.