MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 195246fda044265341dd4f7529d5db578e16f0920a693bbb85fecd16cf224a12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 3



SHA256 hash: 195246fda044265341dd4f7529d5db578e16f0920a693bbb85fecd16cf224a12
SHA3-384 hash: 69227508ce414ed396e4bf33ef316f9166be48e56649a71850d262d628e342cd2f0863dde2580f22ce28a3415c638431
SHA1 hash: ed4fe69045b33b6a53af11237f74b817f6153aee
MD5 hash: 0cee8bfb9091ca14e1479fdf39d91402
humanhash: idaho-summer-bluebird-beryllium
File name: 0cee8bfb9091ca14e1479fdf39d91402.exe
Signature: RedLineStealer
File size: 602'624 bytes
First seen: 2020-07-01 06:29:12 UTC
Last seen: 2020-07-01 07:58:52 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 497648d138290fb4a9ef0b0b6bf0d20f (1 x RedLineStealer)
ssdeep: 12288:4SNWLC2dKbSbQwztHkdN8sP3UHDr6WP3v54hPqqKs:/yC2hbQw5Hkd2WeDr9PfmhPqk
TLSH: 88D412223791C072C03694B0A655F5F2593FBC3066E56AEB77A42B3F6E32AD06F2C505
Reporter: abuse_ch
Tags: exe RedLineStealer
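The hashes above are the only way to tie a file you already hold (say, one pulled from quarantine) to this record without uploading it anywhere. The script below is an added example, not MalwareBazaar's own code: it computes the four cryptographic digests listed in the entry for a local file in a single streaming pass and requires all of them to agree before calling it the same sample, so a lone MD5 or SHA1 hit is reported but not accepted. imphash, ssdeep and TLSH are left out because they need third-party libraries (pefile, ssdeep, python-tlsh) rather than the standard library. The lookup helper at the end assumes the MalwareBazaar API's `get_info` query at `https://mb-api.abuse.ch/api/v1/` as documented at the time of writing; it needs network access and is not exercised offline.

```python
"""Verify a local file against the hashes MalwareBazaar lists for this entry.

Added example (not MalwareBazaar code); standard library only.
"""
import hashlib
import io
import json
import urllib.parse
import urllib.request

# Values copied from the entry above. imphash/ssdeep/TLSH are omitted because
# computing them needs third-party libraries.
ENTRY_HASHES = {
    "md5": "0cee8bfb9091ca14e1479fdf39d91402",
    "sha1": "ed4fe69045b33b6a53af11237f74b817f6153aee",
    "sha256": "195246fda044265341dd4f7529d5db578e16f0920a693bbb85fecd16cf224a12",
    "sha3_384": "69227508ce414ed396e4bf33ef316f9166be48e56649a71850d262d628e342cd2f0863dde2580f22ce28a3415c638431",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha3_384")
CHUNK = 1 << 20  # 1 MiB reads, so a large sample is never loaded whole


def digest_stream(fileobj) -> dict:
    """Compute all four digests in one pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fileobj.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer (handy for tests and carved payloads)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> dict:
    """Digest a file on disk without reading it into memory at once."""
    with open(path, "rb") as f:
        return digest_stream(f)


def compare_to_entry(digests: dict, entry: dict = ENTRY_HASHES) -> dict:
    """Per-algorithm match result; hex digests are compared case-insensitively."""
    return {
        name: digests[name].lower() == entry[name].lower()
        for name in ALGORITHMS
        if name in digests and name in entry
    }


def is_listed_sample(digests: dict, entry: dict = ENTRY_HASHES) -> bool:
    """True only if every algorithm present in both dicts agrees.

    Partial agreement (MD5 matches, SHA256 does not) is not a match: treat it
    as a transcription error or a deliberate collision and investigate.
    """
    results = compare_to_entry(digests, entry)
    return bool(results) and all(results.values())


def build_get_info_query(sha256: str) -> bytes:
    """URL-encoded POST body for a get_info lookup (assumed API field names)."""
    return urllib.parse.urlencode({"query": "get_info", "hash": sha256}).encode()


def lookup_malwarebazaar(sha256: str, timeout: float = 10.0) -> dict:
    """Query the MalwareBazaar API for a SHA256. Needs network access.

    Endpoint and fields follow the public API docs as understood when this
    example was written; check them against the current documentation.
    """
    req = urllib.request.Request(
        "https://mb-api.abuse.ch/api/v1/",
        data=build_get_info_query(sha256),
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    import sys

    d = digest_file(sys.argv[1])
    for name, ok in compare_to_entry(d).items():
        print(f"{name:9} {d[name]}  {'MATCH' if ok else 'no match'}")
    print("same sample as this entry:", is_listed_sample(d))
```

Run it as `python check_entry.py suspect.exe`; a file that is this sample prints MATCH on all four lines. Note that the file name in the entry is simply the MD5 digest with `.exe` appended, so a renamed copy is expected and tells you nothing either way; only the digests do.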

Intelligence


File Origin
# of uploads: 2
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.DanaBot
Status: Malicious
First seen: 2020-07-01 00:59:55 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: n/a
Score: 6/10
Tags: evasion spyware trojan
Behaviour:
Checks processor information in registry
Legitimate hosting services abused for malware hosting/C2
Modifies system certificate store
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: RedLineStealer
File: Executable exe 195246fda044265341dd4f7529d5db578e16f0920a693bbb85fecd16cf224a12 (this sample)

Comments