MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb3ff2b4bc0c7ae4eaaa2af0e2679c142aa9f04dbd19b19a575912d1c0229b88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 13

Intelligence 13 IOCs YARA 1 File information Comments

SHA256 hash:	fb3ff2b4bc0c7ae4eaaa2af0e2679c142aa9f04dbd19b19a575912d1c0229b88
SHA3-384 hash:	02fa34c5c94a3600bada38140daa01755d2fc8759cc5a0d1da89d8de550beb8a9e3f6f5a1054b793e1826d1232869036
SHA1 hash:	7ae881153cef5f839a381ea72bde6cda65fdcf1b
MD5 hash:	d1115bc7a0d75e90231460bb1561ef4e
humanhash:	paris-nebraska-pluto-eighteen
File name:	d1115bc7a0d75e90231460bb1561ef4e.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	286'208 bytes
First seen:	2021-10-12 16:29:14 UTC
Last seen:	2021-10-12 18:20:41 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a3d3c102ccd598a84c1f646602841228 (1 x Smoke Loader, 1 x ArkeiStealer, 1 x RaccoonStealer)
ssdeep	6144:jlx+17HVGP//57gEkw0v4y50Vx98aCMuBeZh1lE:b+1LV657Nkwo4pH8cceL1
Threatray	9'840 similar samples on MalwareBazaar
TLSH	T11C54E120F2E3C472C897157158298BE21FEF78325A7095CF7B683E6E8D603D0AA25375
File icon (PE):
dhash icon	81bcdcac9cccb484 (4 x RedLineStealer, 2 x DanaBot, 1 x CryptBot)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

153

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

d1115bc7a0d75e90231460bb1561ef4e.exe

Verdict:

Suspicious activity

Analysis date:

2021-10-12 16:57:04 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3625520c-325a-48a2-9358-7a9c47bfadcb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

RedLine

Link:

https://www.capesandbox.com/analysis/197002/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware1.1588.19282.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt to an infection source

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9ab20cf6-dc54-4f04-a35e-92c30d11eb60

Result

Threat name:

RedLine

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/868870

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

redlinestealer

Link:

https://mwdb.cert.pl/sample/fb3ff2b4bc0c7ae4eaaa2af0e2679c142aa9f04dbd19b19a575912d1c0229b88/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-10-12 12:43:10 UTC

AV detection:

17 of 28 (60.71%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7m77fnf4br5oj2vkflyoez44cqvkt4cnxum3dgsxlejndqbctoea._file

Verdict:

malicious

RedLineStealer

321d63317ced77342c3941d1eaeb6afda9399d15fe0716db550ebc2c793d4bb2

RedLineStealer

4db1b043b67049d92f8e96c2db44daebaf453d9ee832eacdc6c9401cf77b5c36

RedLineStealer

5a1bda5759449a4fa40c6ba85efa7633671d528e09b97be0702ccf0721453184

RedLineStealer

627c5b7ac30abcd4d7040f98e6a4242627213bea3d91099961be6bce823c664b

RedLineStealer

6c37269f0433c2184fd46355e7e2cab1c4cb397d285d3653ab9aa30ebacb30b0

RedLineStealer

8060118a30512a3fd3f94d239cc38b00cdd956f6803af96e477857ae18d509a0

RedLineStealer

9bd5b5a4861e70c75a4d065c9d324b46cb880021a4feb524632b9b50a80b1163

RedLineStealer

ac907c58399649af9014f1bda35513f6de3527f699a7e927d17127136df440c3

RedLineStealer

f1a569c0cacca1b3440f4cc2f22898a032c52c92245d9059be57e336510fdb5e

RedLineStealer

+ 9'830 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline botnet:udp infostealer

Link:

https://tria.ge/reports/211012-tzs88scfbk/

Behaviour

RedLine

RedLine Payload

Malware Config

C2 Extraction:

45.9.20.20:13441

Unpacked files

SH256 hash:

90b0e7d902727351e4a88f3b02c2d3d15d202b2a0ea118c961c21c258617c1cf

MD5 hash:

6ac070b383c57c84bce059f1611a8bc0

SHA1 hash:

f8768f72c0cc63945cbe31b75e39a9d207db06b5

Link:

https://www.unpac.me/results/4bd8fdd5-4531-4d95-9ee6-b17f81c49b9b/

SH256 hash:

74ec8e7f6661e87226bb95a4ba97ae828c45f3142b78d068492cff7162bbbd47

MD5 hash:

f007c18cee4cbdd6992122a8a216ccc0

SHA1 hash:

5b931b76947bb4484ae7b94a60e83c65f92b21b3

Link:

https://www.unpac.me/results/4bd8fdd5-4531-4d95-9ee6-b17f81c49b9b/

SH256 hash:

fc667313899f6647f9d67a16af1234ac6b109223b7c3ce0d178614985cfd27e9

MD5 hash:

24eb234842defb045592109e300bed32

SHA1 hash:

4fa3017ddf932a7f7ae7fbbeda7eacbea609f283

Link:

https://www.unpac.me/results/4bd8fdd5-4531-4d95-9ee6-b17f81c49b9b/

SH256 hash:

fb3ff2b4bc0c7ae4eaaa2af0e2679c142aa9f04dbd19b19a575912d1c0229b88

MD5 hash:

d1115bc7a0d75e90231460bb1561ef4e

SHA1 hash:

7ae881153cef5f839a381ea72bde6cda65fdcf1b

Link:

https://www.unpac.me/results/4bd8fdd5-4531-4d95-9ee6-b17f81c49b9b/

Malware family:

RedNet

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/fb3ff2b4bc0c/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fb3ff2b4bc0c7ae4eaaa2af0e2679c142aa9f04dbd19b19a575912d1c0229b88

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.