MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 719e4eb54e56b935ab472d36ae5667a06c7fe1d557fb4bd2efe7414932d9e4d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 5

SHA256 hash: 719e4eb54e56b935ab472d36ae5667a06c7fe1d557fb4bd2efe7414932d9e4d8
SHA3-384 hash: a1d2402f22e3214242a538df2eb11f5cbc541968114df62b69a3211b6934d8f09d956c55275dd0b6f06bfc0ad3a5dfa3
SHA1 hash: c667b87cdc612d1e12ef3ed2348b6b0c91e126e2
MD5 hash: 6c6af576bc251a6b856f070cc6052262
humanhash: magnesium-six-batman-sweet
File name: QUOTE_98876_566743_233.IMG
Signature: RedLineStealer
File size: 1'441'792 bytes
First seen: 2021-01-13 07:27:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:vy5UYanO8UNCHG1jamtUqFu4gDzU6nnjqKoe:vMNYG1jr9/Q9jqKoe
TLSH: 2C658D46AFC1C754CBAC11FE2106406527E5CBBAF2DCE71CDA887172AFD696804FD292
Reporter: abuse_ch
Tags: img RedLineStealer


abuse_ch
Malspam distributing RedLineStealer:

HELO: smtp.fuse.net
Sending IP: 64.8.71.14
From: Lydia Yonkers <johnportwood@fuse.net>
Reply-To: lydiayonkers@danaackremannl.com
Subject: Quote Request
Attachment: QUOTE_98876_566743_233.IMG (contains "QUOTE_98876_566743_233.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 145
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2021-01-13 07:28:10 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
RedLineStealer
img 719e4eb54e56b935ab472d36ae5667a06c7fe1d557fb4bd2efe7414932d9e4d8 (this sample)
Dropping
RedLineStealer
Delivery method: Distributed via e-mail attachment
