MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff793e9ce4263a4c2fbf30ee93e0f53c1735b13991da3a29df763de6532c0311. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RedLineStealer
Vendor detections: 9


SHA256 hash: ff793e9ce4263a4c2fbf30ee93e0f53c1735b13991da3a29df763de6532c0311
SHA3-384 hash: 78251945a07df8b6192599ceada27696e1a344f7946bff0d6092bc126dc8bbb39d71ee365a4bc6a839ab18ec7d7cd29b
SHA1 hash: 2b5e00b1fc87ea7543a20097d2579a3b32a6abe0
MD5 hash: 1b37afe912ff84774162b577fff02523
humanhash: mockingbird-white-west-carbon
File name: 1b37afe912ff84774162b577fff02523
Signature: RedLineStealer
File size: 299'008 bytes
First seen: 2021-11-10 11:46:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c8cafda4e053c1cc53231f2d3aff32c4 (3 x RedLineStealer, 1 x Smoke Loader)
ssdeep: 6144:StVHxckb+SVMhwtjJp8uL+eP1zqw4uzbgwujiga:StVHxNZJtlLWunnb
Threatray: 4'316 similar samples on MalwareBazaar
TLSH: T14654CF3A3BBD8831D0A71D31A46487A5093BB8716930914BE365671E2E30FFC89E671F
dhash icon: fcfcd4d4d4d4d8c0 (75 x RedLineStealer, 56 x RaccoonStealer, 23 x Smoke Loader)
Reporter: zbetcheckin
Tags: 32 exe RedLineStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: RedLine
Detection: malicious
Classification: troj
Score: 60 / 100
Signature:
Found malware configuration
Machine Learning detection for sample
Yara detected RedLine Stealer
Threat name: Win32.Trojan.Injuke
Status: Malicious
First seen: 2021-11-10 11:47:05 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5

Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:superstar infostealer
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
RedLine
RedLine Payload
Malware Config
C2 Extraction: 185.215.113.29:36224
Unpacked files
SHA256 hash: 95d1284b38956fb6a9e76c630acce1c37e41177cb6363df6759b31c139f25227
MD5 hash: 85f83ca85cab60c704c1b3d52cbd276d
SHA1 hash: f3c0408a8bbf38acf5a04c287d9e148d12f341a3

SHA256 hash: eb58744cfd98d6f6c157ed563904b39c05b4a5393894692cbd1be6298d9d2086
MD5 hash: 93ed16d365e472e03681a21e6b053782
SHA1 hash: cc4be427791cf175a23154a83c0dbf497b280e43

SHA256 hash: 530ee932b7e415222c31080326f026a79280df76ab363ca38802a15497f8ce51
MD5 hash: 3c95728f3f0dd3b1511554febac68c1a
SHA1 hash: c0a34aa26369e0a9ce99c72df75f1141142e430e

SHA256 hash: ff793e9ce4263a4c2fbf30ee93e0f53c1735b13991da3a29df763de6532c0311
MD5 hash: 1b37afe912ff84774162b577fff02523
SHA1 hash: 2b5e00b1fc87ea7543a20097d2579a3b32a6abe0

Malware family: (not specified)
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
File type: Executable exe
SHA256: ff793e9ce4263a4c2fbf30ee93e0f53c1735b13991da3a29df763de6532c0311 (this sample)

Delivery method
Distributed via web download

Comments



zbet commented on 2021-11-10 11:46:36 UTC

url : hxxp://hajezey10.top/clapp.exe