MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0002eee86629dbd0e43475e1b869de2cc84cd3a346e52f0d5c003bc417f787a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0002eee86629dbd0e43475e1b869de2cc84cd3a346e52f0d5c003bc417f787a6
SHA3-384 hash: fb00d43ccf94209a74eeb49bbb5a26c83e90898d30e835b35ddb6a62094381245fba057b6d99592072ed4cae2abf8952
SHA1 hash: b39665c4fafdddf73fdfd8131584d35387a89350
MD5 hash: abe889d4b0eb4e98f09dc9c44edf78cd
humanhash: equal-island-lake-illinois
File name:Quote_8776665_008776654PDF.lzh
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:418'557 bytes
First seen:2021-01-07 08:08:05 UTC
Last seen:Never
File type: lzh
MIME type:application/x-lzh-compressed
ssdeep 12288:27krGW3W5A+jPdcufV9M6A/rACUConkche3:27q3WWScA+6A/r4kZ
TLSH 24942312C628CD843E568469480A51E0C177B8FFBC13BC9C952C7F6F8E54F2ED17AA5A
Reporter abuse_ch
Tags:lzh RedLineStealer


Avatar
abuse_ch
Malspam distributing RedLineStealer:

HELO: danaackremannl.com
Sending IP: 50.209.130.129
From: Lydia Yonkers<lydiayonkers@danaackremannl.com>
Reply-To: lydiayonkers@danaackremannl.com
Subject: Quote Request
Attachment: Quote_8776665_008776654PDF.lzh (contains "Quote_8776665_008776654PDF.exe")

RedLineStealer C2:
http://redline957.duckdns.org:35253/IRemotePanel

Intelligence

File Origin
# of uploads :
1
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodLzh-A.15056.12457.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0002eee86629dbd0e43475e1b869de2cc84cd3a346e52f0d5c003bc417f787a6/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 08:09:05 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aabo52dgfhn5bzbuoxq3q2o6fteezu5di3ss6dk4aa54if7xq6ta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.97
Link:
https://yomi.yoroi.company/submissions/0002eee86629dbd0e43475e1b869de2cc84cd3a346e52f0d5c003bc417f787a6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

lzh 0002eee86629dbd0e43475e1b869de2cc84cd3a346e52f0d5c003bc417f787a6

(this sample)

RedLineStealer

Executable exe 58909bdbe9145136b971a479fe4eb668fcf23278cd14c29b8526ef0627a5ba0f

  
Dropping
MD5 85ced2916ed4ec50ed7800111dc1af4d
  
Dropping
RedLineStealer
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 58909bdbe9145136b971a479fe4eb668fcf23278cd14c29b8526ef0627a5ba0f

Comments