MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8406edde4743eec38d88fd58f2c79b11d09d76bcd57b757cdf5844ea5bd55e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	e8406edde4743eec38d88fd58f2c79b11d09d76bcd57b757cdf5844ea5bd55e7
SHA3-384 hash:	b614dd5e617eece6e4168d3890cc955727f36de239e09a875951860fdd6ed5e3d8e0480cfc0037d4446f98edd6e6e37b
SHA1 hash:	5348c2874b278b595090dd66531e1b9afd665ade
MD5 hash:	470ced904ad8c4bc042e5dad18a2d800
humanhash:	happy-speaker-spring-hamper
File name:	SecuriteInfo.com.Gen.Variant.Razy.624632.14670.13107
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	882'176 bytes
First seen:	2020-06-26 05:33:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bf5a4aa99e5b160f8521cadd6bfe73b8 (432 x RedLineStealer, 31 x AgentTesla, 12 x DCRat)
ssdeep	24576:Fk70Trc4cgeGYxP/P+F9MXBAxi/ROlGY2CCm:FkQTA4cBGYZ/GPI9sGY2CL
Threatray	229 similar samples on MalwareBazaar
TLSH	5F15122075E1D1B7C5BB153498E2CBB95AB57030A7B692C7778C13FA1E213E1A3352CA
Reporter	SecuriteInfoCom
Tags:	RedLineStealer

Intelligence

File Origin

# of uploads :

1

# of downloads :

79

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/14563/

Detection(s):

SecuriteInfo.com.Gen.Variant.Razy.624632.14670.13107.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Creating a file

Connection attempt

Running batch commands

Using the Windows Management Instrumentation requests

Searching for the window

Forced system process termination

Forced shutdown of a system process

Launching a tool to kill processes

Unauthorized injection to a system process

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e8406edde4743eec38d88fd58f2c79b11d09d76bcd57b757cdf5844ea5bd55e7/

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-06-23 22:36:38 UTC

AV detection:

29 of 31 (93.55%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=5bag5xpeoq7oyogyr7ky6ldzweoqtv3lzvl3ov6n6wce5jn5kxtq._file

Verdict:

malicious

Similar samples:

1681aa9c53703a91a8feb2296051bffc02763c1663e8e50113d51c4b7cb37378

262e75b938cc8b65820cf4015f33ab3db363eb7a968c23bdd48e7a680d97a9f7

3a433d9d40efde586b6da1409014e23c3c08a668f3148682524406f852e239af

5c164b47abfcecfc8f75d220cffbe8a9de97cf956154783aae6d885c180c1e8d

62824d9a353a539053724252d3710008e5894f3580fec8449ec38b7828e7b389

a7116dc8a8296b97287b628c8cc8cc5fd834557d6d0fc29d5944fd1e4a30b8a3

a75040c1f0f11bf9629774525960c9cf35153727e1191057b575fb3c1ed0700a

aa30299c8266809acb727ef5ec89a80f0cdbcc848550607743f256438f00e398

aa4ea575f062475547ce69415145acded3eda98cff4e8e2b532b1f3201b1b0bf

d51861bee7da084197de80b44da801303efb75d19d27bad917eac7dd6036cb71

+ 219 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

infostealer family:redline evasion spyware trojan discovery

Link:

https://tria.ge/reports/200626-8v7xhbe8me/

Behaviour

Suspicious use of WriteProcessMemory

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Checks whether UAC is enabled

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SetThreadContext

Checks for installed software on the system

Looks up external IP address via web service

Modifies system certificate store

Reads user/profile data of web browsers

RedLine

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/14563/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample