MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6634f1afa7b9a0ff9248647cdfbebbd09afdaa34cdd2176a20869cbc9b7072c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 2



SHA256 hash: 6634f1afa7b9a0ff9248647cdfbebbd09afdaa34cdd2176a20869cbc9b7072c6
SHA3-384 hash: 3819d5a6957a5ae571bb04fda508e43a7eebaf95cc38825a5dd48292c70184649e36d03a89823d2322992296e98aee95
SHA1 hash: cd994ad814bad89eae04c77d7e2eb8bef440c4f5
MD5 hash: d3abd63a2d899f89d9bb8ada3b834864
humanhash: fourteen-six-nine-tango
File name: Roblox....rar
Download: download sample
Signature: RedLineStealer
File size: 1'782'910 bytes
First seen: 2022-09-04 20:51:59 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 49152:Nv4askrhmuzcY5MeHDnfGprECghzcuLFjnkHQHuA:Nv4VkrIup5MeHzGNEGKjyQOA
TLSH: T11785332B6BF0C4089B161CCBAE47C3544F5A86F5707DA582E1ABE9F1EB4E0F9995CC40
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: iam_py_test
Tags: passwordprotected rar


iam_py_test
Password-protected RAR. The password is 2022

Intelligence


File Origin
# of uploads: 1
# of downloads: 401
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

rar 6634f1afa7b9a0ff9248647cdfbebbd09afdaa34cdd2176a20869cbc9b7072c6 (this sample)

  
Delivery method
Distributed via web download
