MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 198c4bc38743ac5ba7c748db133884f5d314e19531c8b714ae4c6daa9a6fcd60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 3

SHA256 hash: 198c4bc38743ac5ba7c748db133884f5d314e19531c8b714ae4c6daa9a6fcd60
SHA3-384 hash: 5ad2916ca5a78924650913b8cbead9e5dd30033e7a387ba42b67d05d5b6918369f585773422c029fefe7fe5fb9b3290d
SHA1 hash: 95be8870190443e1056ebff9977ce9f8e6f1b40c
MD5 hash: 53e059093efdc04dba00c5c01ae6d761
humanhash: cup-oven-utah-louisiana
File name: PGMB7782283023349PDF.IMG
Signature: RedLineStealer
File size: 1'507'328 bytes
First seen: 2020-10-23 06:39:02 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:Mhw6Oz9RJIMQplpdOClvTv7BXijCOPn0owPpDl43Aqkz5PEpklkrkQWsROZbLSHJ:MhsvslpdOCTHG1FdA8rcO2MKKrdH
TLSH: 82657CC93100B5DFC413D4B289AC5C70B66078BF831B820B6513666EDA9D683DF696FB
Reporter: abuse_ch
Tags: img RedLineStealer

abuse_ch
Malspam distributing RedLineStealer:

HELO: usegreenco.com
Sending IP: 50.78.187.17
From: Lydia Yonkers<sales@usegreenco.com>
Subject: Quote Request
Attachment: PGMB7782283023349PDF.IMG (contains "PGMB7782283023349PDF.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-22 19:03:11 UTC
AV detection: 12 of 29 (41.38%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> RedLineStealer -> img 198c4bc38743ac5ba7c748db133884f5d314e19531c8b714ae4c6daa9a6fcd60 (this sample) -> Dropping: RedLineStealer

Delivery method: Distributed via e-mail attachment

Comments