MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 3



SHA256 hash: 6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a
SHA3-384 hash: f8579e10e6083ad79131982fbe64c2f6745b0f8ebe402f6f7a8c2deaebf839531e2be23702a6bd392dcb7ebf8f7ee658
SHA1 hash: bb864e2175c05dd757c54683568ded38a622b2fd
MD5 hash: 97d3a48fdb11425d7c9ed75328f092a4
humanhash: sink-lactose-asparagus-winner
File name: SecuriteInfo.com.Trojan.DownloaderNET.58.13713.29887
Signature: RedLineStealer
File size: 34'816 bytes
First seen: 2020-05-28 09:27:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 384:zkK/8Dt6BAcvnZV2ZZnEro1DDRZ2eUEjSqa2hHb0CDlwX7+FtK1x5Q6W58kQ/v/5:aDfZm2vrb2KHb0CDlwLEcP5QFvtJM
Threatray: 67 similar samples on MalwareBazaar
TLSH: 55F24D217BFDC67AD6DF0B78E1B0055B12B5A24B101ACFE79DE4684E5A123428712BE3
Reporter: SecuriteInfoCom
Tags: RedLineStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Downloader.Seraph
Status: Malicious
First seen: 2020-05-28 08:14:13 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 21 of 31 (67.74%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | RedLineStealer | Executable exe | 6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a (this sample)

Delivery method: Distributed via web download
