MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 885cad0b14d28acbc6398fa9e77da646555bb619b8c0958515738033b34de8d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 885cad0b14d28acbc6398fa9e77da646555bb619b8c0958515738033b34de8d2
SHA3-384 hash: 143ff0820b0973d6ee7042cad24df13a439e2eb2c8d944b4c8a87d53d66b9e911bce1813a6e31a974d70ac7d9c121343
SHA1 hash: 258777d3ef564bfce8c9e142a1bd0e3d683b435a
MD5 hash: fa54e263f68c48fc6eff2d489b19dad0
humanhash: william-oklahoma-sixteen-bakerloo
File name:SecuriteInfo.com.Variant.Johnnie.248518.19445.30791
Download: download sample
File size:172'032 bytes
First seen:2020-05-28 10:54:49 UTC
Last seen:2020-05-28 12:17:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ebb8d869b17bfd0efae6098c7975892 (1 x RedLineStealer)
ssdeep 3072:KLvYWI5QzxM3BO3eJ7CMzGFDJnHQlV/zGpwrCCnWU5+2xOt3DVfmCbanmtGFO0FA:KLvYWI5QzxM3BO3eJ7C2GFDJnHQlV/zY
Threatray 27 similar samples on MalwareBazaar
TLSH 32F39E2472D1C072D477183208F4DBB1AA7DFD200B989D9B7798177D6E206F14B36AAB
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Johnnie.248518.19445.30791.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Rdn
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 04:47:10 UTC
File Type:
PE (Exe)
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
0c780ce6cb4281a12cf329e18bdf36b987e34dd15379a4c2f6f8e03ba56e13be
29dbf4847de301b71d7696ac6e1934eea660e3293cf577ee7bd2186479326790
2d33171ef8d245bb5f0e31b062e9f28fcb851d1ddc25a7ae0c13e8814a5cb74f
2eafd2db3852f320398ef9bbbab1d291e52e75bba78e3fe21c0fbffe385ba865
662df407f177b9d63dc16fe5c1068d65c8e1fbe602d05a7cae1db651179b746e
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8
b99de03440f57a55e0c9a269df9d79ff2214eb859361d217f76fa86579fd82df
d5daf1b01edc6e88121fa81c5374bf5b8d86ac67ba9d18d0babedcdb774e89e8
f628b43fd32640ff1a46ace32d985e3789cf37e5edc124f5f88b90f8c3757452
+ 17 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-wc1ebw68dx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 885cad0b14d28acbc6398fa9e77da646555bb619b8c0958515738033b34de8d2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370379/
  
Delivery method
Distributed via web download

Comments