MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a398e91d8b39b6476dab0c6b3cbcba3fa4f4346401a73deda411018f5519492f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a398e91d8b39b6476dab0c6b3cbcba3fa4f4346401a73deda411018f5519492f
SHA3-384 hash: 9ba189581cf1ab9e3f63a0ce562e757c50beed20325db45ba5f62294fcc9ae9f088a751ee02f77cd0694725dac2d2e17
SHA1 hash: 865b65b6c595b1ea1ed372912266d65606d9f019
MD5 hash: 9f0a3c913ea239bd9abd3d8bf43a8f20
humanhash: mirror-one-lamp-bakerloo
File name:BID TENDER DOCUMENTS.zip
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:419'341 bytes
First seen:2021-06-07 06:15:34 UTC
Last seen:2021-06-07 06:16:13 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:K1f8aIde3oHAZw614fUdfmal7Nx3IOUWOAJT+tFxsb8GcDD+uvBSa:8E3e2AZr1UUdfm+HbitFx19vBx
TLSH 029423674B44134F78E620A4D5C9A121FFAD44E930B60D581EFE19BD382BF59ED0DA22
Reporter cocaman
Tags:RedLineStealer zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Maria Simao<admin@mokitens.gq>" (likely spoofed)
Received: "from mokitens.gq (unknown [185.222.58.149]) "
Date: "06 Jun 2021 21:10:42 -0700"
Subject: "RE:Project Quotation Request"
Attachment: "BID TENDER DOCUMENTS.zip"

Intelligence

File Origin
# of uploads :
3
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.810.22422.29393.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/a398e91d8b39b6476dab0c6b3cbcba3fa4f4346401a73deda411018f5519492f
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a398e91d8b39b6476dab0c6b3cbcba3fa4f4346401a73deda411018f5519492f/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-07 01:41:09 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
5 of 47 (10.64%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uomoshmlhg3eo3nlbrvtzpf2h6spindeagtt33neceay6vizjexq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210607-alkr34skxx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a398e91d8b39b6476dab0c6b3cbcba3fa4f4346401a73deda411018f5519492f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

zip a398e91d8b39b6476dab0c6b3cbcba3fa4f4346401a73deda411018f5519492f

(this sample)

RedLineStealer

Executable exe d85f56d761da68eeedd91aeb6e265478864c0d239d5d0da004c44672068c319a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d85f56d761da68eeedd91aeb6e265478864c0d239d5d0da004c44672068c319a

Comments