MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa0ef170fbdf28b626cafc71c401ce5e5b151efca751e1301ab1d68ddc6af5ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 5

SHA256 hash: aa0ef170fbdf28b626cafc71c401ce5e5b151efca751e1301ab1d68ddc6af5ad
SHA3-384 hash: e64d4bf757408ab2c71059d1e6c0cbc336ff939f0b9d00527c93aa625d00f18abed762dd6dadf77ee7e7e034f599ffb8
SHA1 hash: 0b5b4b8226c7c8e9c1d64aee8209dae60a14745c
MD5 hash: a2a86e07879b36c569f8de2915d7375b
humanhash: november-don-minnesota-california
File name: SecuriteInfo.com.Gen.Variant.Barys.54078.8563.7745
Signature: RedLineStealer
File size: 880,128 bytes
First seen: 2020-05-15 20:31:05 UTC
Last seen: 2020-05-15 21:29:23 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: bf5a4aa99e5b160f8521cadd6bfe73b8 (shared with 432 RedLineStealer, 31 AgentTesla and 12 DCRat samples)
ssdeep: 24576:+k70Trc0bZdeqVDT918ro80xBk99qA6MnmQH80b4t5A8:+kQTAqZdtVX918V79QlsmQH/4Q8
Threatray: 216 similar samples on MalwareBazaar
TLSH: FD15121171D0C5B3C06B113584F5CAA46A7A70705BBBA1DBBBEE1B346E153E2533A2CE
Reporter: SecuriteInfoCom
Tags: RedLineStealer
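The identifiers above are only useful if the file in hand really is this entry. The following is an added example, not code from MalwareBazaar or from this entry: it recomputes the four cryptographic digests and the size for a local file and compares them with the values listed above. The bytes it runs on in `__main__` are a constructed placeholder, not the real binary. imphash, ssdeep and TLSH are left out because they need third-party libraries (pefile, ssdeep, py-tlsh) and are similarity hashes rather than identity checks.

```python
"""Check a local file against the identifiers listed in a MalwareBazaar entry.

Added example; not code from MalwareBazaar or from this entry. The ENTRY
values are copied from the page above. The sample bytes used in __main__
are a constructed placeholder, not the real binary.
"""
import hashlib
from pathlib import Path

# Copied from the database entry above.
ENTRY = {
    "sha256": "aa0ef170fbdf28b626cafc71c401ce5e5b151efca751e1301ab1d68ddc6af5ad",
    "sha3_384": "e64d4bf757408ab2c71059d1e6c0cbc336ff939f0b9d00527c93aa625d00f18abed762dd6dadf77ee7e7e034f599ffb8",
    "sha1": "0b5b4b8226c7c8e9c1d64aee8209dae60a14745c",
    "md5": "a2a86e07879b36c569f8de2915d7375b",
    "size": 880128,
}

# hashlib algorithm names for the four digests MalwareBazaar lists per entry.
ALGOS = ("sha256", "sha3_384", "sha1", "md5")


def digests(data: bytes) -> dict:
    """Return the four digests plus the byte size for an in-memory blob."""
    out = {name: hashlib.new(name, data).hexdigest() for name in ALGOS}
    out["size"] = len(data)
    return out


def file_digests(path, chunk_size: int = 1 << 20) -> dict:
    """Same as digests(), but streamed so large samples are not loaded into RAM."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    size = 0
    with open(Path(path), "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["size"] = size
    return out


def compare(got: dict, entry: dict = ENTRY) -> dict:
    """Field-by-field comparison against the entry; hex strings compare case-insensitively."""
    result = {}
    for field, expected in entry.items():
        actual = got.get(field)
        if isinstance(expected, str) and isinstance(actual, str):
            result[field] = actual.lower() == expected.lower()
        else:
            result[field] = actual == expected
    return result


def is_same_sample(got: dict, entry: dict = ENTRY) -> bool:
    """Identity is decided by SHA256, MalwareBazaar's primary key.

    MD5 and SHA1 are kept for cross-referencing vendor reports, not as proof:
    both are collision-prone, so a match on them alone is not conclusive.
    """
    return compare(got, entry)["sha256"]


if __name__ == "__main__":
    # Constructed placeholder: a bare MZ header with padding. Not the real sample.
    placeholder = b"MZ" + b"\x00" * 62
    for field, ok in compare(digests(placeholder)).items():
        print(f"{field:9} {'match' if ok else 'MISMATCH'}")
    print("same sample:", is_same_sample(digests(placeholder)))
```

For a downloaded sample, call `file_digests("path/to/sample.exe")` and feed the result to `compare()`; every field should come back `True`, and `is_same_sample()` is the one answer that matters. Note that the imphash listed above is, per the entry itself, shared with AgentTesla and DCRat samples, so it likely fingerprints a common packer or loader stub rather than RedLine specifically; it is a pivot for finding related samples, not an identity check.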

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence

Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-12 02:28:35 UTC
File Type: PE (Exe)
AV detection: 35 of 48 (72.92%)
Threat level: 2/5

Result
Malware family: redline
Score: 10/10
Tags: family:agenttesla family:redline infostealer keylogger spyware stealer trojan
Behaviour:
  Kills process with taskkill
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  AgentTesla Payload
  AgentTesla
  RedLine

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


Additional information about this malware sample, such as delivery method and external references:

Delivery method: Web download (distributed via web download)
Signature: RedLineStealer
File: Executable exe aa0ef170fbdf28b626cafc71c401ce5e5b151efca751e1301ab1d68ddc6af5ad (this sample)