MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f37537ab1a0c2fd830bf2ea03f299ceccf2d1eb5f8c72be80580a680450da4aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	f37537ab1a0c2fd830bf2ea03f299ceccf2d1eb5f8c72be80580a680450da4aa
SHA3-384 hash:	7d9819dbbda7c6ed1582c2c605f6fc86bd78c47b888e69bdfcf7a0aa0f32aaf206cd778e775edaa0f32c14177135ccfc
SHA1 hash:	a2b410693a7f156352091200fc2cc7747d1827b6
MD5 hash:	ea41b309917c1fd7d931e81272af6afa
humanhash:	xray-island-quebec-uncle
File name:	SecuriteInfo.com.Gen.NN.ZemsilF.34130.Sq1@aSYHQwe.22268
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	736'392 bytes
First seen:	2020-07-06 14:16:03 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	12288:Pn5WYVHHQjc45fczTThvY09IKLGQz9YhRSlifFFIk:vhVHwjf0zXFY9yruhUe
Threatray	66 similar samples on MalwareBazaar
TLSH	46F49E85A2C7E640D69D3AF664938C784316BC65BC33803D3D663DC9873771A6CA36B2
Reporter	SecuriteInfoCom
Tags:	RedLineStealer

Intelligence

File Origin

# of uploads :

1

# of downloads :

81

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.Gen.NN.ZemsilF.34130.Sq1@aSYHQwe.22268.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Launching a process

DNS request

Sending an HTTP POST request

Sending a custom TCP request

Creating a file in the Windows subdirectories

Unauthorized injection to a system process

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f37537ab1a0c2fd830bf2ea03f299ceccf2d1eb5f8c72be80580a680450da4aa/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-07-06 14:17:04 UTC

AV detection:

21 of 29 (72.41%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6n2tpky2bqx5qmf7f2qd6km45ths2hvv7ddsx2afqctiarinusva._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

3b9f555888df6326a6a0c7dd2c2c1c2d78bbb969c1b7d40ea0d0e9679a06bbc5

3ee692779441b3a14699edc0f9ad269c58281d5735c570a9468f077739db26dd

555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc

692dc7ac48dfa381cd7f860236876e3621af2e1dc984b8f14cad498e412e88d8

6c6c416e7f5f748b6369b4eee9212932740124e375439222cdc649fb2d63d7e5

8a6b671ef4fc65efa1bd306da35f4bf2a18814d1ecf0f868ff2f27177fb37809

ce07198dda417c585ac5ce50c7c5376e9e48ec025dd2b6d06a210c0a72ff2935

d0e642197915ade19fb4c2df299063e49ed7f650e4b3b6ee90d4f0d626b900c3

e38724644ed4643ebcdea6b0ae8345bf094d9f6e6d81b0acb244f96a3129077e

f0e91f423775ca9ba80077774a4de1a212e890d285bdb587b003d57ba0f68b1c

+ 56 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

evasion spyware trojan discovery infostealer family:redline

Link:

https://tria.ge/reports/200706-dzgktrnejs/

Behaviour

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Looks up external IP address via web service

Modifies system certificate store

Checks for installed software on the system

Reads user/profile data of web browsers

RedLine

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe f37537ab1a0c2fd830bf2ea03f299ceccf2d1eb5f8c72be80580a680450da4aa

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/408183/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/407605/

Cape

Cape

https://www.capesandbox.com/analysis/21636/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample