MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02c4cde7d21c9c4f6bd937aa05685f465b0f2179c411b312a8eba1b7fb0c9cfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 02c4cde7d21c9c4f6bd937aa05685f465b0f2179c411b312a8eba1b7fb0c9cfe
SHA3-384 hash: 9605f4917215360669f1303e022831b806f28ef17d4165bb1f2806721fc97420b325ad6b79f77e1815cccb77af867a7b
SHA1 hash: 4e87e621afebd962368becff8600687250b9c263
MD5 hash: b3eec05211178c2bcc0730c309ad2398
humanhash: washington-hawaii-leopard-saturn
File name:QUOTE7772883_283848872_PDF.IMG
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'572'864 bytes
First seen:2021-01-12 16:52:48 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:moRnxEcPM/M9OrOhnmfYXrN1GmEpi+pW2Ecb1/KkxH0Wlh4v6nnjqKoe:FVc8nmsrLDmi+Q2Eiikx0Wk6nnjqKoe
TLSH ED756C426B809710DBBC63FE6112005027F2EA6BE3B8D75CEF9470A25F92A6405FE757
Reporter abuse_ch
Tags:img RedLineStealer


Avatar
abuse_ch
Malspam distributing RedLineStealer:

HELO: danaackremannl.com
Sending IP: 72.93.93.58
From: Lydia Yonkers<lydiayonkers@danaackremannl.com>
Reply-To: lydiayonkers@danaackremannl.com
Subject: Quote Request
Attachment: QUOTE7772883_283848872_PDF.IMG (contains "QUOTE7772883_283848872_PDF.exe")

RedLineStealer C2:
http://redline957.duckdns.org:35253/IRemotePanel

Intelligence

File Origin
# of uploads :
1
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1801.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/02c4cde7d21c9c4f6bd937aa05685f465b0f2179c411b312a8eba1b7fb0c9cfe/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-12 16:53:05 UTC
AV detection:
6 of 46 (13.04%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=alcm3z6sdsoe626zg6vak2c7iznq6ilzyqi3gevi5oq3p6ymtt7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/02c4cde7d21c9c4f6bd937aa05685f465b0f2179c411b312a8eba1b7fb0c9cfe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

img 02c4cde7d21c9c4f6bd937aa05685f465b0f2179c411b312a8eba1b7fb0c9cfe

(this sample)

RedLineStealer

Executable exe dd364f123e241e6edd773382a05180e538e93eb6d471856f2217422e47526e51

  
Dropping
MD5 313d7f0143ce81f482c7a7578556dc0a
  
Dropping
RedLineStealer
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dd364f123e241e6edd773382a05180e538e93eb6d471856f2217422e47526e51

Comments