MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4
SHA3-384 hash: b9f5a65d5969e903e6a4874e05bfdb0c6a67d8c822242cd4684b642327209948c6f0e9ec4acb5a67de262d7765b4d774
SHA1 hash: d79cb59df817289183dd9e54f8a61b252ca358a7
MD5 hash: 00e6213e5c614ece7ce38fed4e58afd5
humanhash: lactose-winner-sink-colorado
File name:SecuriteInfo.com.Trojan.GenericKD.43042655.30790.30725
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:32'768 bytes
First seen:2020-04-30 01:07:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 768:ILVoEiGXc2zwV0aQWmwsJ2V4B3WAX9OVc1XcK9qmc2OmNkESk:0S0aQWaJ2VMfYET
Threatray 87 similar samples on MalwareBazaar
TLSH 24E2D61273EC9330D9F74BB068F59641CB71F1678C12D76A1AC8629B4767A80CB627E3
Reporter SecuriteInfoCom
Tags:RedLineStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43042655.30790.30725.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Small
Create hunting rule
Status:
Malicious
First seen:
2020-04-24 09:58:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oapczxou2friyaodzyj2ec2ucrzgtfkwkn36nxodcm6rernirs2a._file
Verdict:
malicious
Similar samples:
4aebd2918942c4d01076cd9cb47402c5b8c61e14e86a397488d1abc2e444d626
RedLineStealer
555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc
RedLineStealer
642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5
RedLineStealer
6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a
RedLineStealer
7310d9b87d90bb647879dd9a7adc8cb76e0630dca1e15e75abfd0083203e83a2
RedLineStealer
87ff4257e145cb109c3a91260b9412e0bf13ab481ee0d2e592254f8dd77db458
RedLineStealer
aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba
RedLineStealer
c4e42ebfd487b325ece4f09d75687c96e252aa8559f8a8daad6336dc39ee5424
RedLineStealer
d4bb66bd17508438be397f81e2226dd6e4814fcc09573aefec5039a7ec3b10a8
RedLineStealer
e12bf1c4b6712d15cebf8556b8d659bc928c6ac18efbb081d56811bd48ce3359
RedLineStealer
+ 77 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/354277/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments