MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5
SHA3-384 hash:	aa148c58935ef1d78e62accf266dd8953f01addca8b3633ce7ec64097830cbb5342eab1d9b944fd86bc33b9b1b1a4f49
SHA1 hash:	770cf061c53238c38e175b5b845113ab5b93fc6a
MD5 hash:	87b2db4753f3e2a34bc4512f8c9d2285
humanhash:	seven-pluto-hotel-indigo
File name:	Czarevitch.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	20'992 bytes
First seen:	2020-04-29 04:29:09 UTC
Last seen:	2020-04-29 05:46:12 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'616 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	384:dUftYkCtc2xAfIxuRVPtO/BUZvq/7qdSDza2i1T2NwYv1A1eWxz:+K8tztO/BUYzIz1TM+/
Threatray	74 similar samples on MalwareBazaar
TLSH	D892E92173B84739F9EA8BB094E785529331F6678813D7B628C5319D0A73BC44BC63A7
Reporter	JoulK
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.43055507.9468.9302.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Small

Status:

Malicious

First seen:

2020-04-27 19:05:40 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=mqxmycatoyitrt7so366zysoi6lajw6hyajkfili2amdgdqzaxsq._file

Verdict:

malicious

RedLineStealer

555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc

RedLineStealer

6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a

RedLineStealer

701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4

RedLineStealer

7310d9b87d90bb647879dd9a7adc8cb76e0630dca1e15e75abfd0083203e83a2

RedLineStealer

87ff4257e145cb109c3a91260b9412e0bf13ab481ee0d2e592254f8dd77db458

RedLineStealer

aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba

RedLineStealer

c4e42ebfd487b325ece4f09d75687c96e252aa8559f8a8daad6336dc39ee5424

RedLineStealer

d4bb66bd17508438be397f81e2226dd6e4814fcc09573aefec5039a7ec3b10a8

RedLineStealer

e12bf1c4b6712d15cebf8556b8d659bc928c6ac18efbb081d56811bd48ce3359

RedLineStealer

+ 64 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample