MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42830ed7791031846ea94f439a16cad30784dc07aac60aa115f81c6e78faeaa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

SHA256 hash: 42830ed7791031846ea94f439a16cad30784dc07aac60aa115f81c6e78faeaa5
SHA3-384 hash: fe754b890aeae528d850a9ea9023f63c280e44dd87918512d3f19c815fa13ad86d1b434e87fc26e6b57532ba1a09e95b
SHA1 hash: b9775451d9f5fac81611c94903ab21a65e2f73ee
MD5 hash: c1998952eb6a32fda384ed7d481d1681
humanhash: shade-hot-november-gee
File name: SecuriteInfo.com.Variant.Ser.Razy.13203.25826.25271
Signature: RedLineStealer
File size: 20'480 bytes
First seen: 2020-06-07 23:44:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 384:WKDiITykxhz5rI3bGJL5y//rNENkVYJBfs/LvIORa2v5x5z8BWnbDlmS:B7x3ubGJL5y//rNEBeUOxD5aWbd
Threatray: 75 similar samples on MalwareBazaar
TLSH: 7892383473ECC771D9AF57B9A9B242A08134E0A38913DB2F58CA71C18B577D10B023A7
Reporter: SecuriteInfoCom
Tags: RedLineStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Dropper.Azorult
Status: Malicious
First seen: 2020-06-07 22:11:24 UTC
AV detection: 22 of 30 (73.33%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
RedLineStealer
Executable exe 42830ed7791031846ea94f439a16cad30784dc07aac60aa115f81c6e78faeaa5 (this sample)

Delivery method: Distributed via web download