MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ab64bf3848bd35e690879055bcfc38dd7b42c1cee8e6e18135729670a3cda5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
RedLineStealer

Vendor detections: 3

SHA256 hash: 4ab64bf3848bd35e690879055bcfc38dd7b42c1cee8e6e18135729670a3cda5d
SHA3-384 hash: e15902cbffe60e46e73dbe1c6d7e28ab39e32c658ab686f8db5860077df0022d9ae1bd6ab1024f24b56dbaad3c44abe5
SHA1 hash: d1c31e81e83407531ac33620b234dcaf36dd005d
MD5 hash: a82fe23959d574a89cec56b2f98ba42d
humanhash: single-sink-finch-robin
File name: a82fe23959d574a89cec56b2f98ba42d.exe
Signature: RedLineStealer
File size: 21'504 bytes
First seen: 2020-06-29 17:59:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'654 x Formbook, 12'248 x SnakeKeylogger)
ssdeep: 384:6W+1Ri0R94enLxCvQGDWGzyWiJLTfBJFOByYJjBtZHi2hWubC34FZEByF:6W+GHeLwIbEyzLT3chCk
Threatray: 55 similar samples on MalwareBazaar
TLSH: 81A2F825B3CC872AF8FA4BB999B5D2518734F5774D02DB1F08C861D98A63B804E62773
Reporter: abuse_ch
Tags: exe RedLineStealer

abuse_ch
RedLineStealer C2:
http://213.183.48.120/IRemotePanel

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Ymacco
Status: Malicious
First seen: 2020-06-29 15:50:00 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Behaviour
Suspicious use of AdjustPrivilegeToken

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
    RedLineStealer
        Executable exe 4ab64bf3848bd35e690879055bcfc38dd7b42c1cee8e6e18135729670a3cda5d (this sample)

Delivery method: Distributed via web download