MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70194dc6d0943091d50580e89159cfb3743b708bb0546912d4da4495cb755b47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70194dc6d0943091d50580e89159cfb3743b708bb0546912d4da4495cb755b47
SHA3-384 hash: 9432ed034f066a2d1c685b662841af7ea389e5ccf07141ba5858c2d38439db9442d500053422413637b4a53cd55766ba
SHA1 hash: 63bc3b7a8c7f8823f110d9652f9cd602259c1e61
MD5 hash: d35ad9c6ddfa0a8ce5f50d76e8e5bc64
humanhash: april-aspen-comet-louisiana
File name:QUOTE_27788387_0092338_0019992DOC.IMG
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'835'008 bytes
First seen:2020-12-25 08:03:50 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:rxc4Z4Wwwn7z4jJ44jrxaqf9FOewDJy2P4Y7tsgQxJFMubTyZ3oKLB9pnpP3/Xz3:r
TLSH EF857E02498168CBD7B2D0B0A38DC2D6B38795CCE6EA6FD4BE50E21536DC477EB69D40
Reporter abuse_ch
Tags:Charter img RedLineStealer


Avatar
abuse_ch
Malspam distributing RedLineStealer:

HELO: impout001.msg.chrl.nc.charter.net
Sending IP: 47.43.18.146
From: Lydia Rodriguez<rnott@charter.net>
Subject: Quote
Attachment: QUOTE_27788387_0092338_0019992DOC.IMG (contains "QUOTE_27788387_0092338_0019992DOC.exe")

RedLineStealer C2:
http://redline957.duckdns.org:35253/IRemotePanel

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'037
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1801.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/70194dc6d0943091d50580e89159cfb3743b708bb0546912d4da4495cb755b47/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-25 08:04:06 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oamu3rwqsqyjdvifqdujcwopwn2dw4elwbkgsewu3jcjls3vlndq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/70194dc6d0943091d50580e89159cfb3743b708bb0546912d4da4495cb755b47

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

img 70194dc6d0943091d50580e89159cfb3743b708bb0546912d4da4495cb755b47

(this sample)

RedLineStealer

Executable exe e10a0b049f468fe1e88dc589c37e6743a248f6f9461f99b0c1ac983694fe958e

  
Dropping
MD5 63504c97d96f3c4516632d9dd03a7598
  
Dropping
RedLineStealer
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e10a0b049f468fe1e88dc589c37e6743a248f6f9461f99b0c1ac983694fe958e

Comments