MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8b661f18eed7ddf578935cd9ac53288b7994bf0d3626254ea30c9c65a9aedcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 13

Intelligence 13 IOCs 1 YARA File information Comments

SHA256 hash:	f8b661f18eed7ddf578935cd9ac53288b7994bf0d3626254ea30c9c65a9aedcb
SHA3-384 hash:	46949150df0d21d7129f54f54b97b07f7ce80cd0d0f239f14ba565b7230b689970a8151c22654d250ca093d8afc937f1
SHA1 hash:	fe3021e761c9e08b95facb9975ee1c6f289f80f3
MD5 hash:	336bf67070ac038213f8578d1882c585
humanhash:	carbon-seventeen-batman-diet
File name:	336bf67070ac038213f8578d1882c585.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	349'696 bytes
First seen:	2022-03-24 17:47:05 UTC
Last seen:	2022-03-24 20:16:12 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f3e2f2b52a9345b2bd8582942ee5c776 (11 x Stop, 7 x RedLineStealer, 2 x N-W0rm)
ssdeep	3072:tGKFFANirVxPls+WHyICDHmFrybH8MXLTttQfKlJD8uTG+p20PUT/1FEIwS5HSgW:g9i/9LmFrybxTttyKl3TGwuQ
Threatray	5'753 similar samples on MalwareBazaar
TLSH	T1C97402103F829432C442027E3A63C768ABBDA932476266473BDB67791D711D1EABF346
File icon (PE):
dhash icon	8e498ee88e0f8e86 (1 x RedLineStealer)
Reporter	abuse_ch
Tags:	exe RedLineStealer

abuse_ch

RedLineStealer C2:
193.106.191.203:44450

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
193.106.191.203:44450	https://threatfox.abuse.ch/ioc/446394/

Intelligence

File Origin

# of uploads :

# of downloads :

224

Origin country :

n/a

Vendor Threat Intelligence

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/257262/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware1.20153.15001.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/11173/overview

Behaviour

SystemUptime

MeasuringTime

EvasionQueryPerformanceCounter

CheckCmdLine

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/623caed7b94fb38cb4e4d241/reports/aeeb1d35-43bf-47f3-83f7-86e9cb64d42d/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0d4ae7cb-9ff6-4673-9162-2a9bebb5faf9

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/963929

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f8b661f18eed7ddf578935cd9ac53288b7994bf0d3626254ea30c9c65a9aedcb/

Threat name:

Win32.Trojan.Raccrypt

Status:

Malicious

First seen:

2022-03-24 17:48:11 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7c3gd4mo5v656v4jgxgzvrjsrc3zss7q2nrgevhkgde4mwu25xfq._file

Verdict:

malicious

RedLineStealer

300da18433a99d30d70ef0cd5c1a43576b4125fe506a4b96ac4155d76f2cafb5

RedLineStealer

5dffe9536f7a2717957d2e1a7226fce84c7632fe025e01d5b06dcf1a19f806b1

RedLineStealer

659a8cd70e8c26e22e08f843f6ed253f93beee4ec247706e19e893486b2df818

RedLineStealer

711ad62ae51fa798a1f7bad6d51a5e0c766734ae23ec59bfb3fba09897005142

RedLineStealer

b37c8385d07dee958cba40a9c1a84b34a8fdab713a80573435df427a8ab27120

RedLineStealer

+ 5'743 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220324-wdf3wsghdr/

Behaviour

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

2f5cebe3bb9a81dcfe6184f0156353c6b0e0d2f97b09fa7fb12c6e354fc8e328

MD5 hash:

68d0ad13ed1be4c78ad0f3c94a263fa0

SHA1 hash:

8a11ef5281898a8c1918c142ff4a630f0c890d0a

Link:

https://www.unpac.me/results/738d30f2-7f38-456d-8b2a-73655578959e/

SH256 hash:

e5e33e7ba58c33a725097622e24054d3f0aa908f47767ccfd068ce11b1e52c84

MD5 hash:

a5c9e2863ca5cd8f59c4a526fd3cde59

SHA1 hash:

7dd8f3efec75252bb7ce2fd4fddbc75b58a4c055

Link:

https://www.unpac.me/results/738d30f2-7f38-456d-8b2a-73655578959e/

SH256 hash:

ca832ac5ec386e0bcc4ae4d766532836b34e9d52c5dd38f02c30192b5b95979f

MD5 hash:

6caf7fae499e993af6da5a85c3f92fcf

SHA1 hash:

54431da07be0f6c221485135db3e9760481e62ec

Link:

https://www.unpac.me/results/738d30f2-7f38-456d-8b2a-73655578959e/

SH256 hash:

f8b661f18eed7ddf578935cd9ac53288b7994bf0d3626254ea30c9c65a9aedcb

MD5 hash:

336bf67070ac038213f8578d1882c585

SHA1 hash:

fe3021e761c9e08b95facb9975ee1c6f289f80f3

Link:

https://www.unpac.me/results/738d30f2-7f38-456d-8b2a-73655578959e/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/f8b661f18eed/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f8b661f18eed7ddf578935cd9ac53288b7994bf0d3626254ea30c9c65a9aedcb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

exe f8b661f18eed7ddf578935cd9ac53288b7994bf0d3626254ea30c9c65a9aedcb

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2108212/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/257262/

URLhaus

https://urlhaus.abuse.ch/url/2101309/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample