MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 943cfa5b626ce8de8d135916a6af6629de6540882980ea3345491c63ae053c10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	943cfa5b626ce8de8d135916a6af6629de6540882980ea3345491c63ae053c10
SHA3-384 hash:	061355865de82ac2731d995c91890859c4978269ec02fe5a48867316ee6c5f8d803c5090b295c1d4451ecf0d5bceef5c
SHA1 hash:	238fb35cf2cb978a8625700d94fa65bbdb6f2c64
MD5 hash:	e1429e1983991a8872fb174932709990
humanhash:	delaware-nebraska-alaska-white
File name:	ChromiumUpdate.zip
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	4'523'974 bytes
First seen:	2022-12-27 11:29:16 UTC
Last seen:	2022-12-28 11:34:40 UTC
File type:	zip
MIME type:	application/zip
ssdeep	49152:6GzICCth5CBPAItXAQy385csfwGGVLS2ErJWIRfS0tRyRx/lKalBy2XJSgganP2h:Z6XCS4638xlC+vWIRfSdR3by2XMinP2h
TLSH	T18726F0AC34F5B85AF5D4437BC3893CB6DB2CA540DBD93D9B8E2081467D8320E5F6A861
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	JAMESWT_WT
Tags:	file-pumped RedLineStealer zip

Intelligence

File Origin

# of uploads :

# of downloads :

130

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	ChromiumUpdate.exe
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	804'028'487 bytes
SHA256 hash:	0842a9a58afbc69063f4ded76768549f78ae0dbfe717807be6fccc522e6a6f6e
MD5 hash:	bbcda30b04ba64717c6ad8118241b9af
De-pumped file size:	3'647'488 bytes (Vs. original size of 804'028'487 bytes)
De-pumped SHA256 hash:	03ffc6d95854616ecfd1ac8728e531a2e61965891154be36660a3eb16883e28a
De-pumped MD5 hash:	e32f5cc04c70365d37e64f2d2321cae0
MIME type:	application/x-dosexec
Signature	RedLineStealer

Vendor Threat Intelligence

Gathering data

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/943cfa5b626ce8de8d135916a6af6629de6540882980ea3345491c63ae053c10

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/943cfa5b626ce8de8d135916a6af6629de6540882980ea3345491c63ae053c10/

Threat name:

Win32.Trojan.Phpw

Status:

Malicious

First seen:

2022-12-27 11:31:40 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

8 of 40 (20.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sq6puw3cntun5ditlelknl3gfhpgkqeifgaoum2fjeoghlqfhqia._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/943cfa5b626ce8de8d135916a6af6629de6540882980ea3345491c63ae053c10

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample