MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3807dfa3f53e38da95f038ce6498ce7cf42a6da290c48d856f45de7ca9ab11ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

Intelligence 4 IOCs YARA 3 File information Comments

SHA256 hash:	3807dfa3f53e38da95f038ce6498ce7cf42a6da290c48d856f45de7ca9ab11ac
SHA3-384 hash:	5eaad4b8744d27114ec665c313ddceda7247246174496d7739978134d135af22d5570f72382357c6e90b06160a3336f2
SHA1 hash:	ada0a4ac209e11d8858959f7e6f4f31433184898
MD5 hash:	2aba0be89cad82f286462259d4494ffc
humanhash:	jig-texas-fourteen-earth
File name:	Orden-CVE6535 _TVOP-MIO, pdf.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	705'536 bytes
First seen:	2021-05-20 17:52:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:RzxacKzg2K0GX3eN+Mh6dXV+a/woq3wCAtS8bR4pHLolyAKp:RmzK5e4Me+83qgCAVRYHLolWp
Threatray	106 similar samples on MalwareBazaar
TLSH	D8E4D06030E857C3E5BE5FB11866902027F5789DE756E10F3D9A73DE00B2B4146AEB3A
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/160258/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.747-1.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Launching the default Windows debugger (dwwin.exe)

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3807dfa3f53e38da95f038ce6498ce7cf42a6da290c48d856f45de7ca9ab11ac/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2021-05-20 17:52:22 UTC

AV detection:

6 of 47 (12.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=had57i7vhy4nvfpqhdhgjggopt2cu3ncsdci3blpixphzknlcgwa._file

Verdict:

unknown

RedLineStealer

2f7909f2f9c886007630cef749f408d4d7be271182dadf6bb0ff6924ad65703f

RedLineStealer

4c62c2ecd995bf191bb07ef249faea4c1f1f1e05a60fcdf60743cbd4bb9dc4da

RedLineStealer

65aaafb0ff30d74d71b57e4890e42f6cb9dce158b853e336971c7d1a717a07c1

RedLineStealer

7db918fd5b12da70b9084a2d452d94b9d6e8daa64a91f233e22ed2ee13551777

RedLineStealer

8cfafa2cbc8c24afe00f82ca7beef18000cd3ad1a2f45c97a0a6e1921df0c92f

RedLineStealer

b63ecc7941b1c62dc98d59344ec81a623276033f889fa43628010fc54030e100

RedLineStealer

b69927fbfd7eb038b59aa9b7e9f49cb02d127d48fcf6517e65a379e982e806bc

RedLineStealer

bc34e83f5140537d1d23f5124dbb73a2ebaaaea8f29f1c1313fbb845dc223618

RedLineStealer

c7b10e40846d325e917e7beb8a292751557508376749d2a39f05a1ba22e6e53b

RedLineStealer

+ 96 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/210520-63ww14xe1n/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.68

Link:

https://yomi.yoroi.company/submissions/3807dfa3f53e38da95f038ce6498ce7cf42a6da290c48d856f45de7ca9ab11ac

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/160258/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample