MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68315f9b95450e287e19be6f014114f36aa6fd98eef733e839efe670f302fced. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	68315f9b95450e287e19be6f014114f36aa6fd98eef733e839efe670f302fced
SHA3-384 hash:	5aa161de416d06d0c2191af4ca7cdefb858a5c5931be27ddbfd6adbb65b4b2e22b77b629f1ba3c1d5ecb464449a2833c
SHA1 hash:	8262a74ec500c8f8db800a23ec59c639335e8f32
MD5 hash:	46803687a6f974d618012d1945d7a189
humanhash:	johnny-bakerloo-johnny-nuts
File name:	Ach List64 1.xll
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	563'200 bytes
First seen:	2022-03-01 07:51:08 UTC
Last seen:	Never
File type:	xll
MIME type:	application/x-dosexec
imphash	a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep	12288:Kn/zDvGHAykH8vLW/4+8bzbBSreMdwBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUqj:4zbGHAzHKjX1/BY4ZyrE7K3yl8PeVoo0
Threatray	71 similar samples on MalwareBazaar
TLSH	T192C47E57F7DBF6B0E6FE867A86F1851C52B774620260A78F664072886D22382453DF0F
Reporter	abuse_ch
Tags:	RedLineStealer xll

Intelligence

File Origin

# of uploads :

1

# of downloads :

159

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Generic-9939833-0

SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/68315f9b95450e287e19be6f014114f36aa6fd98eef733e839efe670f302fced/results/dashboard

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed packed

Link:

https://www.filescan.io/uploads/621dd0aab94fb38cb42c5d10/reports/d8fa5469-aeca-4c5b-baed-72641a7f1463/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/68315f9b95450e287e19be6f014114f36aa6fd98eef733e839efe670f302fced/

Threat name:

ByteCode-MSIL.Trojan.ExcelAddin

Status:

Malicious

First seen:

2022-03-01 07:52:15 UTC

File Type:

PE+ (Dll)

Extracted files:

2

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nayv7g4viuhcq7qzxzxqcqiu6nvkn7my533th2bz57thb4yc7twq._file

Verdict:

unknown

Similar samples:

0838b673be73014ff6e29d784247ad3b44a794dd2134301bb25c8dd0a3f5b0ae

93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763

aba88fbca4bc1906e9602f61b25d48d01cf476d48bda115f317fda930313492c

ade73b7033e024443c9ebffc25a424d3a1fc4e67c674fcd585e9d5d5d2c774a0

b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279

d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb

e230c4b82bc8c591ef3c4c5bccb49baffd3f04230eab9342afa5216ab6fa5d5f

e5013497a297e36f89cc5dc3e369faf27bb9b88684cad53accad8b006433a6c5

+ 61 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline infostealer spyware

Link:

https://tria.ge/reports/220301-jpw72ahad6/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Accesses cryptocurrency files/wallets, possible credential harvesting

Loads dropped DLL

Process spawned unexpected child process

RedLine

RedLine Payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/68315f9b95450e287e19be6f014114f36aa6fd98eef733e839efe670f302fced

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample