MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4caa991d1cb22a7e09c3c1be216b08527002c9d11821e57753eb7ff7644133f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	4caa991d1cb22a7e09c3c1be216b08527002c9d11821e57753eb7ff7644133f3
SHA3-384 hash:	34131ea36c36ab45a760fc38abc5b993d46d660a37709db444f3ab7e72be4042806917cd6bb24252a64d8b6254f128aa
SHA1 hash:	e3477f48003aebbe684e79ba4bd3727107d3daf0
MD5 hash:	c7b63ba54605010ecce3cc0e7e47b172
humanhash:	neptune-orange-september-stream
File name:	ChromiumUpdate.zip
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	4'362'134 bytes
First seen:	2022-12-27 11:28:42 UTC
Last seen:	2022-12-28 11:34:09 UTC
File type:	zip
MIME type:	application/zip
ssdeep	98304:+8tPwtSELMTaFw4IFv8QIpdgv6ErgM5dGBi6pq0sCnMY:pRwtSRa+4IeQSgSErgudGA6p2pY
TLSH	T1DA16336E0576E21FF2F15B70C300689FCEBE981AAB1565C2ED62D2F6B1634393314672
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	JAMESWT_WT
Tags:	file-pumped RedLineStealer zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	ChromiumUpdate.exe
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	804'028'487 bytes
SHA256 hash:	0842a9a58afbc69063f4ded76768549f78ae0dbfe717807be6fccc522e6a6f6e
MD5 hash:	bbcda30b04ba64717c6ad8118241b9af
De-pumped file size:	3'647'488 bytes (Vs. original size of 804'028'487 bytes)
De-pumped SHA256 hash:	03ffc6d95854616ecfd1ac8728e531a2e61965891154be36660a3eb16883e28a
De-pumped MD5 hash:	e32f5cc04c70365d37e64f2d2321cae0
MIME type:	application/x-dosexec
Signature	RedLineStealer

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.W32.Themida.S.gen.Eldorado.18001.11077.UNOFFICIAL

Gathering data

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/4caa991d1cb22a7e09c3c1be216b08527002c9d11821e57753eb7ff7644133f3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4caa991d1cb22a7e09c3c1be216b08527002c9d11821e57753eb7ff7644133f3/

Threat name:

Win32.Trojan.Phpw

Status:

Malicious

First seen:

2022-12-26 05:33:16 UTC

AV detection:

5 of 26 (19.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jsvjshi4wivh4codyg7cc2yikjyafsordaq6k52t5n77ozcbgpzq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4caa991d1cb22a7e09c3c1be216b08527002c9d11821e57753eb7ff7644133f3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

zip 4caa991d1cb22a7e09c3c1be216b08527002c9d11821e57753eb7ff7644133f3

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2488126/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample