MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bc52eebe1503adb39064c727b9ad5c23957e0ee2a329b45705fced8eccf2b68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 4



SHA256 hash: 1bc52eebe1503adb39064c727b9ad5c23957e0ee2a329b45705fced8eccf2b68
SHA3-384 hash: 427120dbda97addec18f80631034c60e430c2efeb55ecfa5461b2033f7acd3aa5555fe9267dff3b1a86501f27de6f22c
SHA1 hash: 0759606f9c9a6d8e6ee64f922b0e8b1e059079b4
MD5 hash: 7cc6dc068b5b09380a3c197f0857e102
humanhash: football-winter-oranges-happy
File name: invoice-2019.iso
Signature: RedLineStealer
File size: 311'296 bytes
First seen: 2021-02-01 09:55:57 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:HbSORziBxUIO4RVEcf1gZIcv49KgLjrYcnHCV7U8+qJ8L:fRziBG4RXa1v49VLrHO/+
TLSH: D264E101C292097BC16C75BDB54232C38AB7751B9CB12A75B4CEB25A4BDF2096063BDB
Reporter: abuse_ch
Tags: iso RedLineStealer


abuse_ch
Malspam distributing unidentified malware:

HELO: cp8.cpanelhosting.rs
Sending IP: 217.26.215.48
From: office@zsv-novisad.com
Subject: Confirm your payment
Attachment: invoice-2019.iso (contains "RD.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 120
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-01 09:56:17 UTC
AV detection: 10 of 29 (34.48%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

iso 1bc52eebe1503adb39064c727b9ad5c23957e0ee2a329b45705fced8eccf2b68 (this sample)

  
Delivery method: Distributed via e-mail attachment
