MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2aa660b6e478cd5a7e252364d0b4527b4bf6df471c81d8e1e8f6bb1fa40e2cc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2aa660b6e478cd5a7e252364d0b4527b4bf6df471c81d8e1e8f6bb1fa40e2cc6
SHA3-384 hash: e0b294d5405c73513792a2c05f9e64d1d80a26850577830a4a65d65480a962d1d7d05771abc28977742d476bc4da32de
SHA1 hash: 2f40e22b14ecc2c172742f924714c8e10ac23a4f
MD5 hash: d4c0d2ae10d9badccc17839ccb9a03a4
humanhash: fruit-fruit-maine-wyoming
File name:PGMGQuote7738388442993PDF.img
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'769'472 bytes
First seen:2020-10-10 07:06:59 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:LJn5oyxb/plZTj4/EB/SB+1oKAP1QrJX+wRH6nnjqKoe:voyxb/plZTMsBOHJEkwgjqKoe
TLSH 14855D9E364072DEC967C972DA581C54FBA0B87B830FC207A15712AD9E8DA97CF141B3
Reporter abuse_ch
Tags:img RedLineStealer


Avatar
abuse_ch
Malspam distributing RedLineStealer:

HELO: greencinc.com
Sending IP: 75.10.61.251
From: Lydia Yonkers<sales@greencinc.com>
Subject: Quote Request
Attachment: PGMGQuote7738388442993PDF.img (contains "PGMGQuote7738388442993PDF.exe")

RedLineStealer C2:
http://redline957.duckdns.org:35253/IRemotePanel

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2aa660b6e478cd5a7e252364d0b4527b4bf6df471c81d8e1e8f6bb1fa40e2cc6/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-10 04:28:44 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fktgbnxepdgvu7rfensnbncspnf7nx2hdsa5rypi625r7jaoftda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.64
Link:
https://yomi.yoroi.company/submissions/2aa660b6e478cd5a7e252364d0b4527b4bf6df471c81d8e1e8f6bb1fa40e2cc6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

img 2aa660b6e478cd5a7e252364d0b4527b4bf6df471c81d8e1e8f6bb1fa40e2cc6

(this sample)

RedLineStealer

Executable exe 7125dae23916e0b17700b1282450897c2fcf025d507c9dc5353dd7bb7fe140b3

  
Dropping
MD5 fb868db89e59f07118aff1e6dc80ac24
  
Dropping
RedLineStealer
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7125dae23916e0b17700b1282450897c2fcf025d507c9dc5353dd7bb7fe140b3

Comments