MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 045480a084a090029c9f86b103e3f23b4e9e3923180c35d61eca933af3802060. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 14



SHA256 hash: 045480a084a090029c9f86b103e3f23b4e9e3923180c35d61eca933af3802060
SHA3-384 hash: 030409bffef39d006fac15522943f1cffd3297149f61e546c35ac3f478952272a7ef3bb984ad84e90bb78668c056d1bc
SHA1 hash: 3f1fd35352fbde7a47d94646e6565e7e0e202306
MD5 hash: a03b66a1ddbda28b4624edd0b7ec2cda
humanhash: single-butter-eleven-foxtrot
File name: a03b66a1ddbda28b4624edd0b7ec2cda.exe
Signature: RedLineStealer
File size: 7'143'268 bytes
First seen: 2021-12-21 00:16:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 32569d67dc210c5cb9a759b08da2bdb3 (122 x RedLineStealer, 42 x DiamondFox, 37 x RaccoonStealer)
ssdeep: 196608:xGLUCgl/8k5ekSJ9S+r8YPK5QNDo3U3D+1:xOdgl/95ekS+xIK4o31
Threatray: 1'150 similar samples on MalwareBazaar
TLSH: T1FD7633107341A0FBEDE2F13705497BF522FA91CD0971A8D7B542CB484F7E8A9622EDA1
dhash icon: 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter: abuse_ch
Tags: exe RedLineStealer


abuse_ch
RedLineStealer C2:
45.9.20.229:11452

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC (ThreatFox reference)
45.9.20.229:11452 (ThreatFox: https://threatfox.abuse.ch/ioc/277936/)
185.7.214.8:28299 (ThreatFox: https://threatfox.abuse.ch/ioc/279255/)

Intelligence


File Origin
# of uploads: 1
# of downloads: 201
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: a03b66a1ddbda28b4624edd0b7ec2cda.exe
Verdict: No threats detected
Analysis date: 2021-12-21 06:22:35 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating synchronization primitives
Creating a process from a recently created file
Searching for the window
Running batch commands
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Launching a process
Creating a window
Searching for synchronization primitives
Creating a file
Creating a process with a hidden window
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a recently created process by context flags manipulation
Launching a tool to kill processes
Unauthorized injection to a recently created process
Sending an HTTP GET request to an infection source
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: barys mokes overlay packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: SmokeLoader Socelars
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Antivirus detection for dropped file
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Disable Windows Defender real time protection (registry)
Disables Windows Defender (via service or powershell)
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Obfuscated command line found
PE file contains section with special chars
PE file has a writeable .text section
PE file has nameless sections
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected SmokeLoader
Yara detected Socelars
Yara detected WebBrowserPassView password recovery tool
Yara Genericmalware
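Several of the signatures above (Adds a directory exclusion to Windows Defender, Disable Windows Defender real time protection (registry), Disables Windows Defender (via service or powershell), Sigma detected: Powershell Defender Exclusion, Sigma detected: Suspicious Script Execution From Temp Folder, plus the taskkill behaviour reported further down) are visible in ordinary process-creation telemetry. The Python below is an added example, not the sandbox vendor's or Sigma's rule logic: it runs a handful of command-line patterns over events constructed in the shape of Sysmon Event ID 1 fields (Image, ParentImage, CommandLine). The events and the file names in them are made up for the demonstration (setup_install.exe is the one name taken from this page's behavior graph), and the patterns are a starting point rather than a complete rule set.

```python
"""Flag process-creation events that match the Defender-tampering and
Temp-folder behaviours listed in the sandbox signatures.

Added example, not vendor or Sigma code. EVENTS is constructed telemetry in
the shape of Sysmon Event ID 1 fields; nothing in it is from a real host.
"""
import re

# Constructed events. setup_install.exe is the dropper name from the behavior
# graph on this page; every other path and file name is invented.
EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'powershell -Command Add-MpPreference -ExclusionPath "C:\\Users\\user\\AppData\\Local\\Temp"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'reg add "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\setup_install.exe",
     "CommandLine": r"cmd /c C:\Users\user\AppData\Local\Temp\run.bat"},
    {"Image": r"C:\Windows\System32\taskkill.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "taskkill /f /im setup_install.exe"},
    # Benign control: querying preferences is not tampering.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell Get-MpPreference"},
]

# Interpreters that turn a file under Temp into executed code.
SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")
# A script file under a per-user or system Temp directory, case-insensitive.
SCRIPT_FROM_TEMP = re.compile(
    r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\[^\s"]*\.(?:bat|cmd|ps1|vbs|js)\b', re.I)

RULES = [
    # Add-MpPreference with any of the exclusion parameters (Sigma: Powershell Defender Exclusion).
    ("defender_exclusion_added",
     lambda e: re.search(r"add-mppreference\b.*-exclusion(?:path|process|extension)", e["CommandLine"], re.I)),
    # Real-time protection turned off via cmdlet or the Real-Time Protection policy key.
    ("defender_realtime_disabled",
     lambda e: re.search(r"set-mppreference\b.*-disablerealtimemonitoring\s+(?:\$true|1)", e["CommandLine"], re.I)
               or re.search(r"real-time protection.*disablerealtimemonitoring.*/d\s+1", e["CommandLine"], re.I)),
    # The "via service" variant: stopping or disabling WinDefend with sc.exe.
    ("defender_service_stopped",
     lambda e: re.search(r"\bsc(?:\.exe)?\s+(?:stop|config)\s+windefend", e["CommandLine"], re.I)),
    # Sigma: Suspicious Script Execution From Temp Folder.
    ("script_from_temp",
     lambda e: e["Image"].lower().endswith(SCRIPT_HOSTS) and SCRIPT_FROM_TEMP.search(e["CommandLine"])),
    # "Launching a tool to kill processes" / "Kills process with taskkill".
    ("taskkill_used",
     lambda e: e["Image"].lower().endswith("taskkill.exe")),
]


def evaluate(events):
    """Return (rule name, command line) for every rule each event matches, in event order."""
    findings = []
    for event in events:
        for name, predicate in RULES:
            if predicate(event):
                findings.append((name, event["CommandLine"]))
    return findings


if __name__ == "__main__":
    for name, cmd in evaluate(EVENTS):
        print(f"{name:28s} {cmd}")
```

The same commands are run legitimately by administrators and deployment tooling, so in production the parent process (here a binary executing from a user's Temp directory) and the exclusion target carry as much weight as the command line itself. The `defender_service_stopped` rule covers the "via service" wording of the signature; none of the constructed events trigger it.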
Behaviour
Behavior Graph (ID 543154; text recovered from the rendered graph image):
Sample: d1wfq60PsV.exe; Start date: 21/12/2021; Architecture: WINDOWS; Score: 100
Root: contacts 208.95.112.1 (TUT-ASUS, United States), 151.115.10.1 (OnlineSASFR, United Kingdom) and 5 other IPs or domains; signatures: Antivirus detection for URL or domain; Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; 14 other signatures
d1wfq60PsV.exe: contacts 192.168.2.1; drops C:\Users\user\AppData\...\setup_install.exe (PE32), C:\Users\user\...\Sat02f0e19902a987a7.exe (PE32), C:\Users\user\...\Sat02c0e2b6cedc92a.exe (PE32) and 17 other files (8 malicious); starts setup_install.exe
  setup_install.exe: contacts 104.21.50.158 (CLOUDFLARENETUS, United States) and 127.0.0.1; Adds a directory exclusion to Windows Defender; Disables Windows Defender (via service or powershell); starts three cmd.exe instances and 5 other processes
    cmd.exe -> Sat02f0e19902a987a7.exe: contacts 185.215.113.208 (WHOLESALECONNECTIONSNL, Portugal), 103.155.92.143 (TWIDC-AS-APTWIDCLimitedHK) and 23 other IPs or domains; drops C:\Users\...\YgfB82d5JcZAe1pglliM0c8H.exe (PE32+), C:\Users\...53T2CYrxwFZpNpRIRSNJGU5Hg.exe (PE32), C:\Users\user\AppData\...\toolspab2[1].exe (PE32) and 46 other files (14 malicious); Tries to harvest and steal browser information (history, passwords, etc); Disable Windows Defender real time protection (registry)
    cmd.exe -> Sat02554508507a106c.exe: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Machine Learning detection for dropped file; 2 other signatures; starts a second Sat02554508507a106c.exe, which contacts 82.118.234.104 (DAINTERNATIONALGROUPGB, Bulgaria)
    cmd.exe: Adds a directory exclusion to Windows Defender; Disables Windows Defender (via service or powershell); starts powershell.exe
    5 other processes: start powershell.exe and Sat02962f4664577a689.exe
Threat name: Win32.Backdoor.Mokes
Status: Malicious
First seen: 2021-12-19 03:26:35 UTC
File Type: PE (Exe)
Extracted files: 266
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: socelars
Score: 10/10
Tags: family:redline family:smokeloader family:socelars botnet:media18n aspackv2 backdoor discovery evasion infostealer persistence spyware stealer trojan
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Kills process with taskkill
Modifies data under HKEY_USERS
Modifies registry class
Modifies system certificate store
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Looks up geolocation information via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
ASPack v2.12-2.42
Downloads MZ/PE file
Executes dropped EXE
NirSoft WebBrowserPassView
Nirsoft
Modifies Windows Defender Real-time Protection settings
Process spawned unexpected child process
RedLine
RedLine Payload
SmokeLoader
Socelars
Socelars Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
http://www.biohazardgraphics.com/
http://rcacademy.at/upload/
http://e-lanpengeonline.com/upload/
http://vjcmvz.cn/upload/
http://galala.ru/upload/
http://witra.ru/upload/
65.108.69.168:13293
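The socket endpoints in the IOC table above and the URLs and endpoint in this Malware Config section are the indicators most directly usable for network detection. The Python below is an added example, not abuse.ch or ThreatFox code: it loads those indicators from this page and runs them over connection and HTTP log lines that are constructed here (a simplified space-separated layout, not a real Zeek or proxy format), distinguishing exact IP:port or host+path hits from weaker same-IP or same-host hits.

```python
"""Match the C2 indicators from this MalwareBazaar entry against network logs.

Added example, not abuse.ch code. The indicator values are copied from the
IOC table and Malware Config section of the page; CONN_LOG and HTTP_LOG are
constructed for the demonstration and describe no real traffic.
"""
from urllib.parse import urlsplit

# Socket endpoints: RedLine C2 from the IOC table plus the one in the C2 extraction.
SOCKET_IOCS = {
    ("45.9.20.229", 11452),
    ("185.7.214.8", 28299),
    ("65.108.69.168", 13293),
}

# HTTP C2 URLs from the Malware Config section (SmokeLoader-style /upload/ paths).
URL_IOCS = [
    "http://www.biohazardgraphics.com/",
    "http://rcacademy.at/upload/",
    "http://e-lanpengeonline.com/upload/",
    "http://vjcmvz.cn/upload/",
    "http://galala.ru/upload/",
    "http://witra.ru/upload/",
]


def _host_path(url):
    """Normalise a URL to (lower-case host, path) for matching against request logs."""
    parts = urlsplit(url)
    return parts.hostname.lower(), parts.path or "/"


HTTP_IOCS = {_host_path(u) for u in URL_IOCS}
IOC_HOSTS = {host for host, _ in HTTP_IOCS}
IOC_IPS = {ip for ip, _ in SOCKET_IOCS}

# Constructed connection records: ts, src ip, src port, dst ip, dst port, proto.
CONN_LOG = """\
1640045521 10.0.0.15 49812 45.9.20.229 11452 tcp
1640045522 10.0.0.15 49813 142.250.74.206 443 tcp
1640045530 10.0.0.22 50110 185.7.214.8 443 tcp
1640045544 10.0.0.15 49820 65.108.69.168 13293 tcp
"""

# Constructed HTTP records: ts, src ip, Host header, request path.
HTTP_LOG = """\
1640045550 10.0.0.15 rcacademy.at /upload/
1640045551 10.0.0.15 www.example.com /upload/
1640045552 10.0.0.31 galala.ru /index.php
1640045553 10.0.0.31 WITRA.RU /upload/
"""


def match_conn(log: str):
    """Return (ts, src, dst, dport, level) for connections touching a C2 endpoint.

    level is 'exact' for a listed IP:port pair and 'ip' for a listed address on
    a different port, which is still worth a look but is a weaker signal.
    """
    hits = []
    for line in log.splitlines():
        ts, src, _sport, dst, dport, _proto = line.split()
        dport = int(dport)
        if (dst, dport) in SOCKET_IOCS:
            hits.append((ts, src, dst, dport, "exact"))
        elif dst in IOC_IPS:
            hits.append((ts, src, dst, dport, "ip"))
    return hits


def match_http(log: str):
    """Return (ts, src, host, path, level) for requests to the listed C2 URLs.

    'exact' means host and path both match; 'host' means the C2 domain was
    contacted at another path. Hosts compare case-insensitively, paths do not.
    """
    hits = []
    for line in log.splitlines():
        ts, src, host, path = line.split()
        host = host.lower()
        if (host, path) in HTTP_IOCS:
            hits.append((ts, src, host, path, "exact"))
        elif host in IOC_HOSTS:
            hits.append((ts, src, host, path, "host"))
    return hits


if __name__ == "__main__":
    for hit in match_conn(CONN_LOG) + match_http(HTTP_LOG):
        print(hit)
```

Indicators from December 2021 age: the addresses will have been reassigned and the domains may have changed hands, so an 'ip' or 'host' level hit on current traffic is a lead to check against the ThreatFox references, not a verdict. Note also that 185.7.214.8:28299 appears only in the IOC table and 65.108.69.168:13293 only in the C2 extraction; a detection list should take the union of the two, as the block does.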
Unpacked files
SHA256 hash: 012c3d22b5374c4f595fcf1986bf2a67697f322f36e8bb6456809334f98f5781
MD5 hash: 8bacb64db8fb73308faefd14b863fd43
SHA1 hash: c5bf54f8b9cc198d6d380f3ee7a74df2feadf32a

SHA256 hash: 9dac78cf97a753e813b02cb654f076cdea03155bc9a98ed64ec248729ead52ec
MD5 hash: 29fa5c5ade39d4ae5a0f564949278923
SHA1 hash: 376051004220051779d97fcb44065a8724de370b

SHA256 hash: e7b8877389f0bfb5fb95f08a799a0e7d06a2f7161a0287552ff3eadf06bd1dd1
MD5 hash: e9eb471509abbfb4456285e82b25d1c9
SHA1 hash: b96ef576c147ea8a1b3e0bd5430117ba9ad31096

SHA256 hash: fdfcbc8cfb57a3451a3d148e50794772d477ed6cc434acc779f1f0dd63e93f4b
MD5 hash: a6865d7dffcc927d975be63b76147e20
SHA1 hash: 28e7edab84163cc2d0c864820bef89bae6f56bf8

SHA256 hash: e427f8ef21691e3d8c2313d11129ad08ddef69a158eca2f77c170603478ff0c4
MD5 hash: 0dedd909aae9aa0a89b4422106310e9e
SHA1 hash: 271d36afa5b729ee590cf8066166ca5e9c9d0340

SHA256 hash: e145af35ca7fcc9da24f8d0bd4f8cc9993ddf532a3d43bdf995f1528f58d5b7e
MD5 hash: f785f4a83149814d32c597487d357f60
SHA1 hash: e775adb0c6ab03167ee7bccb8890c60232f905f4

SHA256 hash: 85d2b02aa7e095eab889be79bae75794ea79a3572d1032806d50f4b99876936a
MD5 hash: 54798398a58169ead1da48583c23e328
SHA1 hash: ba4d0445e8cc28c0694b2cc4eb2b3ae17bec0bb8

SHA256 hash: ed1d717d35a927a8464dc954904af8bea56bcff628005c867b950a8010d99f87
MD5 hash: 554ff5f0936b8762b0c06ef07a84baeb
SHA1 hash: b70d2d8d728894523d4b93e9b7fd178ce82530ae

SHA256 hash: fb5e44afa9b86e8d68f158b58036682dc28b8e3ed0d5391ffcd246f5bd8dec99
MD5 hash: 4c120576caedf379e15621df6328dfc0
SHA1 hash: af3ddbcb753c2609d1b1c0985984a0957d9d0d0f

SHA256 hash: 79891e5f22bd826844f1f823318c8fd97bd5f39c0a9644aa9bc1f07a7a37deb8
MD5 hash: de1498ead9690921b2a4a20aa6b39cc4
SHA1 hash: a73cbecf1a479ddc09ce734471c1b6ca0429e38e

SHA256 hash: 6b1398a72aeed89ba68ca6d6c4c00f382da3f8be2f3d241a0c2c001454050a96
MD5 hash: ee09219ea766e31c27ee42e179d30e28
SHA1 hash: 97e44b3e031c2cc325b6eb271f36748ed58bfe16

SHA256 hash: 21e22ccfddb4ee62b5233ca167432ade5b60f63ee7e163a15b415d46b7501b5b
MD5 hash: 2c8aa79f2bfcdb61b0a3ac3335fd8e7e
SHA1 hash: 90dc534ed343085fa21f32d12857457791e09a7d

SHA256 hash: 1c10262bb225a9ec349e338cc8b6ff8148e08c68dd93708fc202021b972f907d
MD5 hash: eaffdac15faecef56d2e2323075f7295
SHA1 hash: 77b01357a182a0f44baa4e79a3eb86a5f8672494

SHA256 hash: dcc1725b855ec8f21f1a78a72bc3951682a20709b129d16051cbbbfca2361c2a
MD5 hash: 851857aa313098b41716720126d1e9e1
SHA1 hash: 748d3a025f04a0526678af71a341097570c88e7e

SHA256 hash: 37babe9d155aeb858518bee786d03fcc5e194d9c72acb1be58ce6243e960756a
MD5 hash: 75de06d689d94cd71a356e536be6d81a
SHA1 hash: 703c74c0b7a1d883c77eac3d9625cd4a59e428c1

SHA256 hash: 32bfda4b28a7eda15a37acdb96b3d5c2f72308dae060990baa05a52219e22499
MD5 hash: c33557f0ff5dad08a2065d4d40e07407
SHA1 hash: 6bc96e911aac10909cb8d34b83dfefe744797217

SHA256 hash: 1db5a59b5a011857ae8373430c51c0ed4a0df1cac932f5c8f50dc7744e6440e4
MD5 hash: 1dd9cf1250a111088241b046f5efc022
SHA1 hash: 476f28d8fde71cc3f49f813cbf4178096c6cf129

SHA256 hash: ffd339c8c88aae8406c17d8229f60e8d2661ab8a2526ae357b19c15bf574fa64
MD5 hash: 3fe6f42ed4add0cec417f01461308d05
SHA1 hash: 3aa9849244eeae734063c3f88c5876f011b88e8e

SHA256 hash: d3ab0fce54a316edfa71eb2c49828a571a0e82b464b9b268a5b881ecb239b441
MD5 hash: 30560cf83b26274f780b32bc8f565253
SHA1 hash: 1d77c0c0e60f5d6149d0d953199a71c932620b2c

SHA256 hash: 413e39b9527276418979820d2ed52935a36f0ffc4873bb8885480f57035525b9
MD5 hash: 577e9b3dec241a7822a13ad8038b00d6
SHA1 hash: 071ee4dc6e2e5e326d323a8e31774b1072fe87cc

SHA256 hash: cf1ed8957d4825743d39f19529138de7131ca8f506440ddc1774f4640dffc599
MD5 hash: ded1c6e8c89148495fc19734e47b664d
SHA1 hash: 3a444aeacd154f8d66bca8a98615765c25eb3d41

SHA256 hash: 86e7fd4882b259fccbc3ff1f394c984f07eaa32a05d332b7960ffb80ec8421e7
MD5 hash: 0b0861743db97941c3ed0f454a8a125c
SHA1 hash: b37c609fb2131f09161279d8dfaa617ef4e0c929

SHA256 hash: c24a6ba41fe7ad4f7a1dd53ff33fd7ae511cb01b8dbb42e1e9b612a985c7475a
MD5 hash: 3d644b6dd7992c2c7a77aa4ff1596b0b
SHA1 hash: 027c42b1383d4bb00f5ce652dadba20c98559609

SHA256 hash: a2547322a08ccc53dd85d015ff750871902f83701de9b1fdc6351df57b9680cd
MD5 hash: c7378059c0a5b8d3fd830a0136da269e
SHA1 hash: f73e094e76adb140cc73efa171cdba4e58005c8c

SHA256 hash: 214ed924a6d248aab166a858f36308ff823646f95cab52a40483c8fd5c3d55be
MD5 hash: 09c8e66743765bfa19ccff9d2e172e72
SHA1 hash: b6cf6c3059b2f4e3406a945682df77c9a202ab07

SHA256 hash: 95574d44ab144888d45a50c224263225d8e8f5355dd9810d3fc62c94cd7de811
MD5 hash: 2951e737926606eb7b11f2800c65a70a
SHA1 hash: 4f1a3526162cd68e0a8b8a1f3a4e70dbfb122ae4

SHA256 hash: 2a3cf79fdc5a779ec4c1b65a2a52d57bf63092b3b9f310ba0ec559a8fcaef037
MD5 hash: 0e34ad21335295ecf6b90b069375eb42
SHA1 hash: 615733ff5e4cb099409f4df3bb9592e24c2cd8e7

SHA256 hash: 2625db7d94f41ccf4100e327b7c9f2a3a7a07acfab4a30344a5b225dd68a4869
MD5 hash: bc17b38fdda9755c37f385a30e8c9596
SHA1 hash: 073fb9eee79842f3eed4025c074abd0cde019583

SHA256 hash: f37a170b5686ad52980f19d5ed89c7f8ac55d4ae7da1d0d3dc4f65ac24350a6f
MD5 hash: 2506a9c2ce480df8c013b47fd1ac9a7e
SHA1 hash: 3ff2d661a4cd4e1b611dbd95ccf1402189bbaf48

SHA256 hash: ebe5d7aa411885fbc335638e014abe4b4646982739f748fce2d23529331af7b4
MD5 hash: ab9a9361d81d392eb4eedf7050cd022a
SHA1 hash: 8fd720bb525ad208357bdefc5eb881215bde90f0

SHA256 hash: 045480a084a090029c9f86b103e3f23b4e9e3923180c35d61eca933af3802060
MD5 hash: a03b66a1ddbda28b4624edd0b7ec2cda
SHA1 hash: 3f1fd35352fbde7a47d94646e6565e7e0e202306
Please note that we are no longer able to provide a coverage score for VirusTotal.
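Every hash on this page (the submitted sample's digests at the top and the sets listed under Unpacked files) is an exact identifier, and a tool that reports only an MD5 or a SHA1 for a quarantined file can still be tied to this entry if all the digests are indexed together. The Python below is an added example, not MalwareBazaar code; its index carries the submitted sample plus the first two unpacked files from the list above (a subset, to keep the block short), and the labels and the test input bytes are the example's own.

```python
"""Resolve a digest or a file's content to an entry on this MalwareBazaar page.

Added example, not MalwareBazaar code. ENTRY_HASHES is a subset of the hashes
printed on the page (the submitted sample and the first two unpacked files);
extend it with the remaining rows of the Unpacked files list as needed.
"""
import hashlib

# (label, {hashlib algorithm name: hex digest}); labels are the example's own.
ENTRY_HASHES = [
    ("submitted sample a03b66a1ddbda28b4624edd0b7ec2cda.exe", {
        "sha256": "045480a084a090029c9f86b103e3f23b4e9e3923180c35d61eca933af3802060",
        "sha1": "3f1fd35352fbde7a47d94646e6565e7e0e202306",
        "md5": "a03b66a1ddbda28b4624edd0b7ec2cda",
        "sha3_384": "030409bffef39d006fac15522943f1cffd3297149f61e546c35ac3f478952272a7ef3bb984ad84e90bb78668c056d1bc",
    }),
    ("unpacked file 1", {
        "sha256": "012c3d22b5374c4f595fcf1986bf2a67697f322f36e8bb6456809334f98f5781",
        "sha1": "c5bf54f8b9cc198d6d380f3ee7a74df2feadf32a",
        "md5": "8bacb64db8fb73308faefd14b863fd43",
    }),
    ("unpacked file 2", {
        "sha256": "9dac78cf97a753e813b02cb654f076cdea03155bc9a98ed64ec248729ead52ec",
        "sha1": "376051004220051779d97fcb44065a8724de370b",
        "md5": "29fa5c5ade39d4ae5a0f564949278923",
    }),
]


def build_index(entries):
    """Map (algorithm, lower-case hex digest) to its label."""
    index = {}
    for label, digests in entries:
        for algo, hexdigest in digests.items():
            index[(algo, hexdigest.lower())] = label
    return index


INDEX = build_index(ENTRY_HASHES)
# Every algorithm that appears in the index; the same set is used for hashing
# unknown content, so a new algorithm in ENTRY_HASHES is picked up automatically.
ALGORITHMS = sorted({algo for algo, _ in INDEX})


def identify_hash(hexdigest: str):
    """Resolve a digest whose algorithm is unknown (MD5, SHA1, SHA256 or SHA3-384)."""
    wanted = hexdigest.strip().lower()
    for algo in ALGORITHMS:
        label = INDEX.get((algo, wanted))
        if label is not None:
            return label
    return None


def identify_bytes(data: bytes):
    """Hash in-memory file content with each indexed algorithm and look it up."""
    for algo in ALGORITHMS:
        label = INDEX.get((algo, hashlib.new(algo, data).hexdigest()))
        if label is not None:
            return label
    return None


if __name__ == "__main__":
    # Case-insensitive lookup of the submitted sample's MD5 as an AV log might print it.
    print(identify_hash("A03B66A1DDBDA28B4624EDD0B7EC2CDA"))
```

Exact digests identify these builds only; a single changed byte defeats them. The fuzzy identifiers at the top of the page are the pivots to related samples, and they are not family labels: the imphash is shared by 122 RedLineStealer, 42 DiamondFox and 37 RaccoonStealer samples, and the icon dhash by 2'088 Adware.Neoreklami samples, so a match on either says "same packer or build chain" rather than "RedLine".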

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Author: ditekSHen
Description: Detect executables with stomped PE compilation timestamp that is greater than local current time
Rule name: MALWARE_Win_DLInjector06
Author: ditekSHen
Description: Detects downloader / injector
Rule name: MALWARE_Win_RedLine
Author: ditekSHen
Description: Detects RedLine infostealer
Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments