MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b82912864b2336fb19a48a3b141913c456335d1b4abf3cda481a16609be4e97e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 6



SHA256 hash: b82912864b2336fb19a48a3b141913c456335d1b4abf3cda481a16609be4e97e
SHA3-384 hash: eff0a4d1faaaf6e9234e3edae68e4236f9dcd663bea1a7132289540917c930129cb4d14e4c8ba814d3754e7d8a9a93d6
SHA1 hash: 3f299a0ff0856fd03162eda96865983898571ccc
MD5 hash: d858bddd62c8574bc91b268a6c1d783e
humanhash: nuts-summer-december-social
File name: AstraLocker 2.0 Decryptors.zip
Signature: RedLineStealer
File size: 27'777'396 bytes
First seen: 2022-07-04 16:45:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 393216:X9yZTszBjREGzIGlcetm6bYKz6bYA6bYUMPgbrZISypoSAMMIgbrZN1yc6SAXQ+n:cZwFREGzZV4/2/A/kZl4ZSZ/1f/GON4n
TLSH: T1205723A211A30F99F84C153880CF8F46E31DAB4A91569B5B1375F26F7EB73B4DB62810
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: @BleepinComputer
Tags: AstraLocker Ransomware RedLineStealer zip


Twitter
@BleepinComputer
AstraLocker ransomware decryptors shared with BleepingComputer.

Intelligence


File Origin
# of uploads: 1
# of downloads: 461
Origin country: US

Mail intelligence
No data

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed zilla
Threat name: Win32.Ransomware.Babuk
Status: Malicious
First seen: 2022-07-04 16:13:43 UTC
AV detection: 28 of 39 (71.79%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Enumerates physical storage devices

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments