MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6
SHA3-384 hash: e746396ab0746a31a653d581dc28b98d91c9529b020add2ba0007ff8c480bd063a513b7f53e6434fbc8b3e2ddd005330
SHA1 hash: 312d2c214789d8a53623af507e8ad8038c5d27b8
MD5 hash: 30b4e73ba443b8816498a3e33ac3c434
humanhash: kitten-aspen-twenty-angel
File name:Inquiry Jewelry.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:885'760 bytes
First seen:2021-08-14 14:49:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'752 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 6144:7FItTuJu6EsgTMrV7q3bnymWHjvPcrCyeEGfoUhX2hiug/0T3+mLx+OHsaoOwDN:iV6Esg0V7rrGMfxX2Nc07RyTZ
Threatray 40 similar samples on MalwareBazaar
TLSH T14B153E3D5AB93627C0BAC775CBE18817B0949CAFB511AD959CC663260322F9275C323F
dhash icon b2b3b3b2a6bcb8b2 (1 x RedLineStealer, 1 x Formbook)
Reporter abuse_ch
Tags:exe RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Inquiry Jewelry.exe
Verdict:
Suspicious activity
Analysis date:
2021-08-14 14:52:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2484f23f-4a8b-4fcf-81d7-94cb4e1f9d79

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/179249/
Detection(s):
SecuriteInfo.com.Trojan.Siggen14.59996.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cc45093e-b845-4283-b5b2-12f5f8ffbb45
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/832921
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-08-14 14:33:26 UTC
AV detection:
12 of 27 (44.44%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hiq7e6ojmadez7gnv4ovxlyrnk3krcfsgv2evtf2e6q2hcyozhla._file
Verdict:
unknown
Similar samples:
1b547f3e1121e3960deacf56d8e8f23374dd51d14e838289f7b917de93a93fc1
RedLineStealer
2acc1fa411a5aefa2ffbf78814683342ad0be18d2097c58eae1d01e8ade2b729
RedLineStealer
4b491fcb61a8ba59032d4be413054bbe81cd03235656c74fb237cce58226fcdc
RedLineStealer
6db0acaf93c96f9f60fbb40861f31c1c195c460814e927b8abc81c738353f4c7
RedLineStealer
72613ff71f562a69888fabe2317276332597acdef93135293aa3193686012504
RedLineStealer
842bd40a7a2a748900cb7c51dc9f3f5580a0fa6efd2faad1514a81ed14f5647c
RedLineStealer
8a07ebbecc711f77f14fa0a1902ddc74b3da8042500319b603754790b778caca
RedLineStealer
b6653e57f79216e1b607fc5bec5973e7d7cb10d781bb45588b741aa9533919a5
RedLineStealer
e423f6b4b543c1ed3a05bae9ae421e81c17eb3f02d7aea46ff2c9996d76b9858
RedLineStealer
f06e899675196185bd5ced2ea49470470f7b466225b2aae345d0068c652263e6
RedLineStealer
+ 30 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210814-6le32jk4tn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
33ac6b8012ce739e72022086b5d39b7fc030c20fa72988f76957685509d5c041
MD5 hash:
83f8ae95a7e6f016f6b00482588086e6
SHA1 hash:
70392939d6d60a913b51084ec1d98eaae8ca4868
Link:
https://www.unpac.me/results/e7506509-a9a3-483d-a9ed-5aef6a67b8e6/
SH256 hash:
946ec6146e4a023d8cc882d343d993de7a43684bdb54b080be920589a2f3442e
MD5 hash:
a9a9839abf82da0659e6926b482bdcc7
SHA1 hash:
0ec16dcce678d29c225d600cebc90aff04d5492e
Link:
https://www.unpac.me/results/e7506509-a9a3-483d-a9ed-5aef6a67b8e6/
SH256 hash:
3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6
MD5 hash:
30b4e73ba443b8816498a3e33ac3c434
SHA1 hash:
312d2c214789d8a53623af507e8ad8038c5d27b8
Link:
https://www.unpac.me/results/e7506509-a9a3-483d-a9ed-5aef6a67b8e6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

Executable exe 3a21f279c960064cfccdaf1d5baf116ab6a888b235744accba27a1a38b0ec9d6

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/179249/

Comments