MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b0f9072826db3de51252297e95dee3d13699fe13f3705b205b6babf67914053. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b0f9072826db3de51252297e95dee3d13699fe13f3705b205b6babf67914053
SHA3-384 hash: 8bcfdf2ba7a348ee73be5f28c14faf7f07c3fd38c6662b966860db9dbf0ad527ab728f7b429eb301dfccdd4acfe546a2
SHA1 hash: 496ab317975cfd001834f1defcefe39e9057ccbd
MD5 hash: 9cb412b64dbd503c0b8478f66fbb2e2a
humanhash: lactose-oranges-robin-georgia
File name:List Of Products Q002-O417729.zip
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:379'298 bytes
First seen:2021-07-14 16:01:20 UTC
Last seen:2021-07-14 16:03:27 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:zVXSYHxaziV/C0u9HIkIXeflqfvhCc9gtnYpP73+4WA5gkLWEPZCbTteAr40pYk8:J/+iJTUokIuflQl2h8z+lY/PZ+eOdY57
TLSH T11E8423FFE377758ED6EDBACD0CC31C299171F28B619988B02A4227D02E582E2549731D
Reporter cocaman
Tags:RedLineStealer zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Mr. Tudor Popescu <sales@compact-industrial.ro>" (likely spoofed)
Received: "from compact-industrial.ro (unknown [185.222.57.72]) "
Date: "14 Jul 2021 17:24:25 +0200"
Subject: "Re: Confirm New List Of Products Q002-O417729"
Attachment: "List Of Products Q002-O417729.zip"

Intelligence

File Origin
# of uploads :
3
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.5506.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/1b0f9072826db3de51252297e95dee3d13699fe13f3705b205b6babf67914053
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b0f9072826db3de51252297e95dee3d13699fe13f3705b205b6babf67914053/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2021-07-14 15:49:13 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
17 of 46 (36.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dmhza4ucnwz54ujfekl6sxpohujwth7bh43qlmqfw25l6z4ribjq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210714-xr61fzzt2j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/1b0f9072826db3de51252297e95dee3d13699fe13f3705b205b6babf67914053

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

zip 1b0f9072826db3de51252297e95dee3d13699fe13f3705b205b6babf67914053

(this sample)

RedLineStealer

Executable exe 6e4265775237b4bb28e03c4a6aca1e68693a63ee37193293538940291721850f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6e4265775237b4bb28e03c4a6aca1e68693a63ee37193293538940291721850f

Comments