MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7310d9b87d90bb647879dd9a7adc8cb76e0630dca1e15e75abfd0083203e83a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	7310d9b87d90bb647879dd9a7adc8cb76e0630dca1e15e75abfd0083203e83a2
SHA3-384 hash:	f3b48cfa843dbd11f562a8eddf7b3b5d1cd5c6f112af42b3236c92fdad3f6e50d7d341de238a467609bb94ef123fe65b
SHA1 hash:	4a9c0c08afc5dfe10722d8f3126bce7de4f31d5e
MD5 hash:	c19c9fa6faab2f58ec048bb4718a0150
humanhash:	december-tennessee-violet-vegan
File name:	c19c9fa6faab2f58ec048bb4718a0150.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	755'712 bytes
First seen:	2020-05-06 18:00:39 UTC
Last seen:	2020-05-06 19:04:26 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	1d7b2567a473fc1c4709b84cf37d1236 (1 x RedLineStealer)
ssdeep	12288:bBdO3PYSN1RzpLYMEDuZver3ilS7H7nSBZiH:bvObNPpLnceQ1H
Threatray	2'008 similar samples on MalwareBazaar
TLSH	D5F4026272D0ECB2F2571534495997F0FB2AB8679A7099CB3798FA1F1FF42D08621306
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

2

# of downloads :

96

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Androm

Status:

Malicious

First seen:

2020-05-06 20:54:00 UTC

File Type:

PE (Exe)

Extracted files:

64

AV detection:

25 of 31 (80.65%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=omintod5sc5wi6dz3wnhvxemw5xammg4uhqv45nl7uaigib6qora._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

Similar samples:

642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5

6aeb4c6ab2a989f29fba04866ce13866c082cc729c14502fb86b6a617a3d533a

87ff4257e145cb109c3a91260b9412e0bf13ab481ee0d2e592254f8dd77db458

aa0ef170fbdf28b626cafc71c401ce5e5b151efca751e1301ab1d68ddc6af5ad

aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba

c4a2c8397cfa4f7f16a317aad541b6c48e35c4420249f702b2c6f01faf66ef61

c4e42ebfd487b325ece4f09d75687c96e252aa8559f8a8daad6336dc39ee5424

d1eb54cb3aa9ba1fc585cf676c4a814b11786b962da1b1959768794d281084ab

d4bb66bd17508438be397f81e2226dd6e4814fcc09573aefec5039a7ec3b10a8

e12bf1c4b6712d15cebf8556b8d659bc928c6ac18efbb081d56811bd48ce3359

+ 1'998 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger spyware stealer trojan upx

Link:

https://tria.ge/reports/201109-q1n18nns72/

Behaviour

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of SetThreadContext

UPX packed file

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 7310d9b87d90bb647879dd9a7adc8cb76e0630dca1e15e75abfd0083203e83a2

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/337938/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample