MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b3fb9ba285170c77f93034baa7ca4cb33df3049ba929dd6e63277758395a1d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 3

SHA256 hash: 1b3fb9ba285170c77f93034baa7ca4cb33df3049ba929dd6e63277758395a1d7
SHA3-384 hash: 8cad0f2d510536f85c78d7a52710e9af62a32cb6b35485c6d9a7f1083fdbbe15ac6422bf020a603dcbc4dcae85176ef9
SHA1 hash: e65cff72e98b8be772ceda191fd3771b64a12b4c
MD5 hash: 7f79250fa4af22af181424849f1fec02
humanhash: utah-butter-winner-queen
File name: PGMB7666799210001PDF.IMG
Signature: RedLineStealer
File size: 1'245'184 bytes
First seen: 2020-10-21 10:03:04 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:cML6ROZ2x+FzHv2PJUi321jCaY/7EO11F0HASiyyjK:hLT++FzHOPJUjjCD/4MJd8
TLSH: F7459F423184DD99E0672BF6446FD12023F4BD9FC265C60E3F86BA1B65E770220A7B5E
Reporter: abuse_ch
Tags: img RedLineStealer


abuse_ch
Malspam distributing RedLineStealer:

HELO: usegreenco.com
Sending IP: 50.78.187.17
From: Lydia Yonkers<sales@usegreenco.com>
Subject: Quote Request
Attachment: PGMB7666799210001PDF.IMG (contains "PGMB7666799210001PDF.exe")

RedLineStealer C2:
http://maranaty.xyz/IRemotePanel

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Stelega
Status: Malicious
First seen: 2020-10-20 21:40:50 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
RedLineStealer: img 1b3fb9ba285170c77f93034baa7ca4cb33df3049ba929dd6e63277758395a1d7 (this sample)
Dropping: RedLineStealer
Delivery method: Distributed via e-mail attachment

Comments