MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82edba13d3bfcb9ccded6ad080a805b705ae25978f58884e7763eda24187061a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82edba13d3bfcb9ccded6ad080a805b705ae25978f58884e7763eda24187061a
SHA3-384 hash: 9f75180a8624ff92d19285528cb7abf0a476ad526486122ada2cfaf5b5bc0e2d8707439c3fd91394986093fea08101cd
SHA1 hash: 12cbd0319b17e7e8372b5c21da2387919dd85797
MD5 hash: a279add023dd6a0fcbf1d5da05fbddeb
humanhash: yellow-ack-arizona-maine
File name:a279add023dd6a0fcbf1d5da05fbddeb
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:562'688 bytes
First seen:2021-07-28 15:28:17 UTC
Last seen:2021-07-28 16:49:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'664 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:HNihlp7iS/d348myPZV7abELHdUnVc3Q3LZ6BMy8dmB:HMloS/d33ZRL9yQKZc
Threatray 17 similar samples on MalwareBazaar
TLSH T19FC47C65848CDF9BDC5C03B4DA8C02F02EF19CA6E170E6633E857DB1B5B0A15D9B9386
dhash icon 4549494d4d2b714d (7 x Formbook, 6 x AgentTesla, 3 x NanoCore)
Reporter zbetcheckin
Tags:32 exe RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
scan.xlsx
Verdict:
Malicious activity
Analysis date:
2021-07-28 14:42:48 UTC
Tags:
encrypted exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/ab2b8372-5fb3-4a0c-a9de-4a26f9abfb11

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174687/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.953.18742.3516.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/63cd8856-22c9-485d-8521-5fdd28422944
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/823469
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-28 15:29:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
11c57727c43aa2062fb4194e9df78a89a9482169f603f7ead5bdd77f2ccf69d6
RedLineStealer
35d212409544435a45ce577615da11f75cc4cf6dc56bce849651aede5c1ae437
RedLineStealer
6e0a311a65d4810bb81669f0481061a7f89d1f6f50f073acf1a4aaf0b91d8c5c
RedLineStealer
8ca049e0699925d3ea76cb769814c220c410f29eae2f862ddbb03361e5a92d73
RedLineStealer
9daa927aa15e1c6288da64a16cf104bccd039e866d200a68853e857408fa1ad3
RedLineStealer
a4e90f1645d6f72aa4c47bed2f53aef2dc43476375731250d2e2f11c3db56b6a
RedLineStealer
e073aab2cbe186ad2ab3e494beccad2d3591bc446cebf3ad7bd471748f29a0d1
RedLineStealer
eac598331e98c72219bd9f7fbc5754288aaa0236cd27d09bce81a182503ac7ea
RedLineStealer
fc5ed0a66d1dc9b980a9c09c563979d48c840963569ccb81eb5972beed07c2b8
RedLineStealer
fcf18834ac1300232136e77aa0609c15cd70c728c927bb1b3cca330a0112b7f9
RedLineStealer
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/210728-xsdmw1tw9n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
CustAttr .NET packer
Unpacked files
SH256 hash:
25b003ff7511865697a2307285b2ac759c41cdf151c1bc2f6e347836bc2803f9
MD5 hash:
58a95ce68a8abccc7ea47f62d14e54a3
SHA1 hash:
5d8243b809b4c99cebca2f62bddcc497c2f3deed
Link:
https://www.unpac.me/results/c755808d-951b-473b-b8ae-aa4c7c713bd9/
SH256 hash:
97d2fa1d01b2f9a2199896e05e0cf60c14a9f41ef2d72e15fbb862b7afa08438
MD5 hash:
68463851c0e6fe7a254c99fae763d454
SHA1 hash:
4587a5371d88c296a0184fe47ee0c5245b187127
Link:
https://www.unpac.me/results/c755808d-951b-473b-b8ae-aa4c7c713bd9/
SH256 hash:
82edba13d3bfcb9ccded6ad080a805b705ae25978f58884e7763eda24187061a
MD5 hash:
a279add023dd6a0fcbf1d5da05fbddeb
SHA1 hash:
12cbd0319b17e7e8372b5c21da2387919dd85797
Link:
https://www.unpac.me/results/c755808d-951b-473b-b8ae-aa4c7c713bd9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/82edba13d3bfcb9ccded6ad080a805b705ae25978f58884e7763eda24187061a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe 82edba13d3bfcb9ccded6ad080a805b705ae25978f58884e7763eda24187061a

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1487557/
Cape
Cape
https://www.capesandbox.com/analysis/174687/

Comments


Avatar
zbet commented on 2021-07-28 15:28:19 UTC

url : hxxp://198.12.107.11/gsm/gps/vbc.exe