MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 768473d454d620587ac427e7752bdaf6d1b722dd78c9f95a7e0cc687b9a4679a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 768473d454d620587ac427e7752bdaf6d1b722dd78c9f95a7e0cc687b9a4679a
SHA3-384 hash: cd881355b03f2a5c65822d1a60e2a4b39119097d548c4a7b890a5e00c59ba278afbca25a750e364dc986e6c3a275341e
SHA1 hash: 975dcdb201fcb178610efa985f5f3f18b878de3b
MD5 hash: 9c80e620e380cfe0ba7d0cd8c2c22aac
humanhash: pip-aspen-minnesota-stairway
File name:23443_09986654_4556766_PDF.IMG
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'245'184 bytes
First seen:2020-12-18 09:27:02 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:kC5aSxl3kumWrLDy3EBoZb/xWDKP6i8JbieOclAvKhAp081nNVjqKoe:aFivW3koZjx/P2Qy6nnjqKoe
TLSH 0A45AE8B394485A8CF6A52F37317454463A5CCFFC548A609BBCD32A35FE5B921C2272B
Reporter abuse_ch
Tags:Charter img RedLineStealer


Avatar
abuse_ch
Malspam distributing RedLineStealer:

HELO: impout001.msg.chrl.nc.charter.net
Sending IP: 47.43.18.142
From: Lydia Wolfen<rwolfen@charter.net>
Subject: Quote Request
Attachment: 23443_09986654_4556766_PDF.IMG (contains "23443_09986654_4556766_PDF.exe")

RedLineStealer C2:
http://redline957.duckdns.org:35253/IRemotePanel

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.11940.8681.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/768473d454d620587ac427e7752bdaf6d1b722dd78c9f95a7e0cc687b9a4679a/
Threat name:
ByteCode-MSIL.Infostealer.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-18 09:28:05 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o2chhvcu2yqfq6wee7txkk6263i3oiw5pde7swt6btdiponem6na._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/768473d454d620587ac427e7752bdaf6d1b722dd78c9f95a7e0cc687b9a4679a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

img 768473d454d620587ac427e7752bdaf6d1b722dd78c9f95a7e0cc687b9a4679a

(this sample)

RedLineStealer

Executable exe 0eb70fd1476d81dcf01cef53f0cc4f6eb2718c86722eb8a08667f929a8254430

  
Dropping
MD5 6b80e672407499b77dc38a13ddd0eb71
  
Dropping
RedLineStealer
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0eb70fd1476d81dcf01cef53f0cc4f6eb2718c86722eb8a08667f929a8254430

Comments