MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15da1d8ebabfad5a9ca4f7c790af69bc2e95960057bcf0df8102b8743483448c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	15da1d8ebabfad5a9ca4f7c790af69bc2e95960057bcf0df8102b8743483448c
SHA3-384 hash:	5fe56b29e3d3e66eb1dba52258c010c7f33953e03aa527fdc0f58cdabbd77bb41d8833b1959af0d8d32c325668ecbd4d
SHA1 hash:	795dd8fcdb8e777df52aa0ca440c4356c8b2a188
MD5 hash:	452e1a76316b2b586e6c1b12daebc121
humanhash:	pennsylvania-twelve-utah-december
File name:	Discord Nitro Generator C Project.rar
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	1'983'934 bytes
First seen:	2023-04-23 12:33:29 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	49152:9g09B/Gaeoiva3cl2Q17ULjUI+5A+gr+JhUgA6L6B:+rlajSSUIyA+g4hNA6L6B
TLSH	T166953330A94637F3965811666AEDD3B4BA30CA54C206B4DE4DB9228D3A1F3DC8F6C54B
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter	iam_py_test
Tags:	rar

iam_py_test

Password-protected RAR archive. The password is nitrogen

Intelligence

File Origin

# of uploads :

1

# of downloads :

99

Origin country :

US

Vendor Threat Intelligence

Gathering data

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/15da1d8ebabfad5a9ca4f7c790af69bc2e95960057bcf0df8102b8743483448c

Result

Verdict:

UNKNOWN

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/15da1d8ebabfad5a9ca4f7c790af69bc2e95960057bcf0df8102b8743483448c/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2023-04-22 23:36:10 UTC

File Type:

Binary (Archive)

AV detection:

3 of 30 (10.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cxnb3dv2x6wvvhfe67dzbl3jxqxjlfqak66pbx4bak4hinedisga._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/230423-sb6c8aff9w/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/15da1d8ebabfad5a9ca4f7c790af69bc2e95960057bcf0df8102b8743483448c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

rar 15da1d8ebabfad5a9ca4f7c790af69bc2e95960057bcf0df8102b8743483448c

(this sample)

exe 0a071e8c255e23a819231774203d5577ba838fa687dd45ac1ae068a71d7d97dc

Dropping

SHA256 0a071e8c255e23a819231774203d5577ba838fa687dd45ac1ae068a71d7d97dc

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2616437/

Dropping

MD5 5de06e112f619b5f6c6686ba99bbb604

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample