MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09d925bc8f4f6dbf18fca03e607a3a1b67c61fa2787612bd921a754b61c3fb61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 3

SHA256 hash: 09d925bc8f4f6dbf18fca03e607a3a1b67c61fa2787612bd921a754b61c3fb61
SHA3-384 hash: 8832ac9960df739e45faa2247f4c67d713aaab09c17590bcdf3fd9b68534a9c887d4d56b5d24c295bcf068301255a5ef
SHA1 hash: 6eb39f62efbafefc941ca6132217beac2621c354
MD5 hash: 3ddb9878e260b5e25b8fa8bffb865119
humanhash: hawaii-failed-rugby-missouri
File name: PGMB8873746621102PDF.IMG
Signature: RedLineStealer
File size: 1'245'184 bytes
First seen: 2020-10-27 09:29:02 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:jXNBlpsHLxn9UPtgAr3s4PXCRvb3GI77dsDVQQe7uMs58Q:pR8n9sbPXU3GqKDVMY5
TLSH: 3B45017479A3870BD84403BA94041C598B32FC56073ED256FE8E71CF1B9EB1A855AFA3
Reporter: abuse_ch
Tags: img RedLineStealer

abuse_ch
Malspam distributing RedLineStealer:

HELO: greenc.com
Sending IP: 173.10.56.138
From: Lydia Yonkers<sales@greenc.com>
Subject: Quote
Attachment: PGMB8873746621102PDF.IMG (contains "PGMB8873746621102PDF.exe")

RedLineStealer C2:
http://redline957.duckdns.org:35253/IRemotePanel

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.RedLineStealer
Status: Malicious
First seen: 2020-10-26 16:47:15 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> RedLineStealer -> img 09d925bc8f4f6dbf18fca03e607a3a1b67c61fa2787612bd921a754b61c3fb61 (this sample) -> Dropping RedLineStealer
Delivery method: Distributed via e-mail attachment

Comments