MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05b7d54bc24b66ac763ccbe6d469905868cce2c9639dc77d505fe209f34810d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer
Vendor detections: 4

SHA256 hash: 05b7d54bc24b66ac763ccbe6d469905868cce2c9639dc77d505fe209f34810d1
SHA3-384 hash: 886efd53fd1172b9cd13021d33ba771f5e8a83b3ad293fbb24ade0ad849f97357c8d8b73ae9dcb5df936d9b7c78a8523
SHA1 hash: 5a670bee17a7b789995a07037734f4e5998209a0
MD5 hash: 5cfbbf8631a389dd0d07d98115407180
humanhash: kansas-batman-snake-north
File name: contractsample_advis.pdf.rar
Signature: RedLineStealer
File size: 4'304'287 bytes
First seen: 2022-11-05 12:17:30 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: YouMakin@SQRLS
ssdeep: 49152:UvjIzvZnF+eaBeVU9mqpjHfSMA8z/kShQMPyJgeoNEnYCV9+H7ReYihZLcGKKQNp:UynFiMaz5vrzseviHdVUbQlZgxKQZZHj
TLSH: T121163387A2D1F0174CD26ED65DC10AB621412E4863BE6C625CB25E85F2CF32E8E6F5CD
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: iamdeadlyz
Tags: pw YouMakin@SQRLS rar RedLineStealer scr SquirrelsFlow


Iamdeadlyz
Targeted attack under the guise of signing a contract. Sent via WeTransfer.
RedLineStealer C&C: 77.73.134.13:3660

Intelligence


File Origin
# of uploads: 1
# of downloads: 256
Origin country: n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: contractsample_advis.pdf.scr
File size: 792'124'928 bytes
SHA256 hash: 81571eca348dcca61ff85f2285f3b84e9e327578ff126c4ec85b4358c7c3a226
MD5 hash: 1bd367a0fcf871e341429990094655b8
MIME type: application/x-dosexec
Signature: RedLineStealer
Vendor Threat Intelligence
Result
Verdict: MALICIOUS

Result
Malware family: redline
Score: 10/10
Tags: family:redline infostealer spyware
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Accesses cryptocurrency files/wallets, possible credential harvesting
RedLine
RedLine payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Relationships:
RedLineStealer
  rar 05b7d54bc24b66ac763ccbe6d469905868cce2c9639dc77d505fe209f34810d1 (this sample)
    Dropping SHA256 81571eca348dcca61ff85f2285f3b84e9e327578ff126c4ec85b4358c7c3a226 (contractsample_advis.pdf.scr)
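Added example, not part of the MalwareBazaar record: a small triage script that turns the indicators listed on this page (the SHA256 and MD5 hashes of the RAR and of the dropped .scr, the .pdf.scr double-extension filename, and the C2 socket from the reporter's comment) into checks that can be run against file hashes from an alert and against Zeek-style connection log lines. The conn.log lines are constructed for the demonstration; the function names are my own.

```python
import hashlib
import re

# Indicators copied from the MalwareBazaar record above.
IOC_SHA256 = {
    "05b7d54bc24b66ac763ccbe6d469905868cce2c9639dc77d505fe209f34810d1":
        "contractsample_advis.pdf.rar (password-protected RAR, RedLineStealer dropper)",
    "81571eca348dcca61ff85f2285f3b84e9e327578ff126c4ec85b4358c7c3a226":
        "contractsample_advis.pdf.scr (RedLineStealer payload)",
}
IOC_MD5 = {
    "5cfbbf8631a389dd0d07d98115407180": "contractsample_advis.pdf.rar",
    "1bd367a0fcf871e341429990094655b8": "contractsample_advis.pdf.scr",
}
# C2 socket from the reporter's comment, as (host, port).
IOC_C2 = {("77.73.134.13", 3660)}
IOC_C2_HOSTS = {host for host, _ in IOC_C2}

# A document-looking name that really ends in an executable extension.
# .scr is a Windows screensaver: a PE file that runs on double-click.
DOUBLE_EXT_RE = re.compile(
    r"\.(?:pdf|docx?|xlsx?|pptx?|txt)\.(?:scr|exe|com|pif|bat|cmd|js|vbs)$", re.I
)


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests, the three hashes the record lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage_file(name: str, digests: dict) -> list:
    """Flag a file by hash match and by suspicious naming.

    `digests` has the shape hash_bytes() returns, so a hash lifted from an
    EDR alert can be checked without the file bytes being on hand.
    """
    findings = []
    sha256 = digests.get("sha256", "").lower()
    md5 = digests.get("md5", "").lower()
    if sha256 in IOC_SHA256:
        findings.append("sha256 match: " + IOC_SHA256[sha256])
    if md5 in IOC_MD5:
        findings.append("md5 match: " + IOC_MD5[md5])
    if DOUBLE_EXT_RE.search(name):
        findings.append(f"double extension: {name!r} is an executable, not a document")
    return findings


# Constructed Zeek-style conn.log lines (tab separated):
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LINES = [
    "1667650650.123\t10.0.0.12\t51234\t77.73.134.13\t3660\ttcp",
    "1667650651.456\t10.0.0.12\t51235\t198.51.100.7\t443\ttcp",
    "1667650652.789\t10.0.0.15\t51236\t77.73.134.13\t443\ttcp",
]


def match_c2(conn_lines) -> list:
    """Return (orig_h, resp_h, resp_p, exact) for traffic to the C2.

    exact=True means host and port both matched the listed socket;
    exact=False means only the host matched (weaker, but worth a look).
    """
    hits = []
    for line in conn_lines:
        if line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        orig_h, resp_h, resp_p = fields[1], fields[3], int(fields[4])
        if (resp_h, resp_p) in IOC_C2:
            hits.append((orig_h, resp_h, resp_p, True))
        elif resp_h in IOC_C2_HOSTS:
            hits.append((orig_h, resp_h, resp_p, False))
    return hits


if __name__ == "__main__":
    print(triage_file("contractsample_advis.pdf.scr",
                      {"sha256": "81571eca348dcca61ff85f2285f3b84e9e327578ff126c4ec85b4358c7c3a226"}))
    print(triage_file("quarterly_report.pdf", hash_bytes(b"%PDF-1.4 constructed test bytes")))
    for hit in match_c2(CONN_LINES):
        print(hit)
```

The filename check is deliberately independent of the hash check: a repacked payload changes every hash on this page, but the lure (a "contract" PDF that is really a .scr) tends to be reused, and the host-only C2 match catches a port change on the same server.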
