MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0183f14529a7655ab0c0bb9697c94f5945ce6bde07cd8f7dbe82a1961df5b252. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0183f14529a7655ab0c0bb9697c94f5945ce6bde07cd8f7dbe82a1961df5b252
SHA3-384 hash: 0d1e58d002f1888a2bd575d2e8ecafa0763612a0569a9f1c1cf879e2b2b630b3309d5272290a5c739d968e56c55ae6f5
SHA1 hash: 60718db689985d574756a30c073a7a7c35cdc440
MD5 hash: 93e60b11971efa720d0c02635e1ac200
humanhash: may-beryllium-apart-alaska
File name:quote.img
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'245'184 bytes
First seen:2021-01-12 18:07:18 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 3072:gKeyiaRH+y9UTF/oaXO8N5P8voT5R1paRAJRLZ4IBbN/MNT9EcHByhTXyjp98ufk:gK6aRH+yKT1OFETZTMkTixSw
TLSH 05451A90D3888CA6FC7E07779432A82104FBFDAEA470D66E1A9D70951F73783106AD5B
Reporter abuse_ch
Tags:img RedLineStealer


Avatar
abuse_ch
Malspam distributing RedLineStealer:

HELO: patrickind.com
Sending IP: 50.250.32.34
From: Crystal R. Icenhour <cicenhour@patrickind.com>
Subject: Request For Quotation
Attachment: quote.img (contains "quote.pdf.exe")

RedLineStealer C2:
http://195.149.87.246:35200/IRemotePanel

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1801.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0183f14529a7655ab0c0bb9697c94f5945ce6bde07cd8f7dbe82a1961df5b252/
Threat name:
ByteCode-MSIL.Infostealer.RedLine
Create hunting rule
Status:
Malicious
First seen:
2021-01-12 18:08:09 UTC
AV detection:
17 of 46 (36.96%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=agb7crjju5svvmgaxoljpskplfc44266a7gy67n6qkqzmhpvwjja._file
Malware family:
RedLine.B
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/0183f14529a7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0183f14529a7655ab0c0bb9697c94f5945ce6bde07cd8f7dbe82a1961df5b252

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

img 0183f14529a7655ab0c0bb9697c94f5945ce6bde07cd8f7dbe82a1961df5b252

(this sample)

RedLineStealer

Executable exe d94be77dfbd21d042637633b3dbbe689953c9385f011746cca6dd253cfa1c133

  
Dropping
MD5 be7efa251dc44d2c405753a986548636
  
Dropping
RedLineStealer
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d94be77dfbd21d042637633b3dbbe689953c9385f011746cca6dd253cfa1c133

Comments