MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c90e174ff5097d991e0b99001a4e64e0c9e312df0ec03cee51380148974920e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c90e174ff5097d991e0b99001a4e64e0c9e312df0ec03cee51380148974920e
SHA3-384 hash: 32c43ace3e9113567ba63f0cc8841f9fc22876a71770169090c5e25d49122c8ddba3fa6568ad95e15e8e546c69004054
SHA1 hash: 3342f1c54a993f0451dd0b4ca4137781f2959b02
MD5 hash: 173171c94f48e449e8a604110e0aca26
humanhash: table-golf-hotel-alaska
File name:1145259821.exe
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'048'576 bytes
First seen:2020-06-25 11:14:46 UTC
Last seen:2020-06-25 11:45:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf5a4aa99e5b160f8521cadd6bfe73b8 (434 x RedLineStealer, 31 x AgentTesla, 12 x DCRat)
ssdeep 24576:9k70Trcg1UA+lI+Y7a0e5P+zd6bhZmqugCp:9kQTAgg9h0+Q0bhZ+p
Threatray 215 similar samples on MalwareBazaar
TLSH 852512103091C077C4FB143444E6CB75997A34B60B6A66E7B7992BBA6F322E1B3351CE
Reporter JAMESWT_WT
Tags:Redline RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14211/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a file
Connection attempt
Running batch commands
Using the Windows Management Instrumentation requests
Searching for the window
Forced system process termination
Forced shutdown of a system process
Launching a tool to kill processes
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c90e174ff5097d991e0b99001a4e64e0c9e312df0ec03cee51380148974920e/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 18:23:45 UTC
File Type:
PE (Exe)
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hsioc5h7kcl5tepaxgiadjhgjygj4mjn6dwahtxfcoabjclusiha._file
Verdict:
malicious
Similar samples:
0dece9fdaaf9fca84d4ea64f94e789ee03a7a7e663d138327c662c4fc23aa2bb
RedLineStealer
116c73aa349f83509f2440164027a89a7654d352231ffe5fbf6ff81e37003b8c
RedLineStealer
3428e7b4b164f5368a799c3eff77c10ca69508ddca29e5268b238c0018426896
RedLineStealer
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
RedLineStealer
366e9022a9fa52f3402d27ae42fd700628363668dc25ed958c8cd648c6e4e08e
RedLineStealer
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
RedLineStealer
89f08e47a8ba6e70c1e313ffd49959a5966f07b2ae77f1afead296ff3146c89c
RedLineStealer
d52bf5a290ca4006cf1a7e2a1e808d20e97dad4ecd577c007359fe964b09ceae
RedLineStealer
dd95534ba96dec77e6e6deb7c3d29e34bf0e5941099c13c39b9ced0495c11902
RedLineStealer
ec837014dcb222fd3780d0730e297c9a09786cc57a42a9da092c9199c1f9660b
RedLineStealer
+ 205 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/200625-rkf1nme6gx/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/iamwinstonm/status/1275548216470233092
Cape
Cape
https://www.capesandbox.com/analysis/14211/

Comments