MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 3


SHA256 hash: aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba
SHA3-384 hash: 259d2860e8bfa0a0d9d13e941c985cc72885688d252841e47ed2db8a6e0356e8fcdb8ae2312ac605ece6fb3d79c9e8eb
SHA1 hash: 253228806a888b4d886ff78ebdf419404b654c87
MD5 hash: 67fe1e982db7791d61116525b7d6fe48
humanhash: sodium-high-cola-finch
File name: 67fe1e982db7791d61116525b7d6fe48.exe
Download: download sample
Signature: RedLineStealer
File size: 41'472 bytes
First seen: 2020-05-26 09:45:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (shared with 48'657 AgentTesla, 19'468 Formbook and 12'206 SnakeKeylogger samples on MalwareBazaar; this is the generic imphash of a .NET executable whose only native import is mscoree.dll!_CorExeMain, so it does not identify the family and is not a useful pivot on its own)
ssdeep: 768:PtefgxvsHEmuTowjQPK98fCyMfXzYbLF8Oz3bxNwh9sqvao:PYfUUYTowIVkjYN843zw4oao
Threatray: 69 similar samples on MalwareBazaar
TLSH: D8132A2077BDCD3FEBDD4A7991706716457572039602DBB64EF9A44E2A223024B13BB3
Reporter: abuse_ch
Tags: exe RedLineStealer
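
To confirm that a downloaded copy really is the file this entry describes, recompute the listed digests and compare them with the entry. The script below is an added example written for this page, not MalwareBazaar's own tooling: the four hash values and the file size are copied from the entry above, while the ENTRY dict layout, the function names and the command-line path argument are this example's own assumptions. ssdeep and TLSH are not available in Python's hashlib (they need the separate ssdeep and tlsh packages) and are left out.

```python
"""Verify a downloaded sample against the hashes in this MalwareBazaar entry.

Added example; not MalwareBazaar's own tooling. The digests and file size
are copied from the entry; the ENTRY layout and function names are this
example's own.
"""
import hashlib
import sys

# Values copied from the entry above (this example's dict layout, not an API).
ENTRY = {
    "sha256": "aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba",
    "sha3_384": "259d2860e8bfa0a0d9d13e941c985cc72885688d252841e47ed2db8a6e0356e8fcdb8ae2312ac605ece6fb3d79c9e8eb",
    "sha1": "253228806a888b4d886ff78ebdf419404b654c87",
    "md5": "67fe1e982db7791d61116525b7d6fe48",
}
ENTRY_SIZE = 41472  # "File size: 41'472 bytes" in the entry


def hashes_of(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists, as lowercase hex, keyed as in ENTRY."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        # MD5 is used here only as an identifier, so allow it under FIPS builds.
        "md5": hashlib.md5(data, usedforsecurity=False).hexdigest(),
    }


def compare_to_entry(data: bytes, entry: dict = ENTRY) -> dict:
    """Per-algorithm match flags for data against the entry's digests.

    A genuine copy matches every algorithm listed. A partial match (for
    example MD5 only) points at a transcription error or a deliberate
    collision and must be treated as a mismatch, not a weak match.
    """
    computed = hashes_of(data)
    return {alg: computed[alg] == expected.lower() for alg, expected in entry.items()}


def verify_file(path: str) -> bool:
    """Hash the file at path and report each algorithm; True only if all agree."""
    with open(path, "rb") as fh:
        data = fh.read()
    size_ok = len(data) == ENTRY_SIZE
    if not size_ok:
        print(f"size mismatch: {len(data)} bytes, entry says {ENTRY_SIZE}")
    flags = compare_to_entry(data)
    for alg, ok in flags.items():
        print(f"{alg:9s} {'match' if ok else 'MISMATCH'}")
    return size_ok and all(flags.values())


if __name__ == "__main__":
    sys.exit(0 if verify_file(sys.argv[1]) else 1)
```

Run it with the path of the extracted executable as the only argument. MalwareBazaar serves downloads as a password-protected ZIP archive, so hash the file inside it, not the archive itself; a size mismatch is the quickest sign that the wrong object was hashed.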


abuse_ch
RedLineStealer C2:
http://62.113.114.58/IRemotePanel
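
The C2 URL posted above is the actionable network indicator in this entry. The script below is an added example written for this page, not abuse.ch's or MalwareBazaar's code: it splits the C2 URL into host and path and scans proxy-style and firewall-style log lines for either. The log format, every log line and the function names are constructed here; the IRemotePanel path is treated only as a weaker, secondary signal when it appears on another host, because the entry itself says nothing about that path being reused elsewhere.

```python
"""Hunt for this entry's RedLineStealer C2 in URL-bearing and firewall-style logs.

Added example written for this page, not abuse.ch's or MalwareBazaar's code.
C2_URL is the indicator posted in the entry; the log format, the log lines
and the function names are constructed here.
"""
import re
from urllib.parse import urlparse

C2_URL = "http://62.113.114.58/IRemotePanel"  # copied from the entry's comment
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def iocs_from_url(url: str) -> dict:
    """Split a C2 URL into the pieces that are matched separately below."""
    p = urlparse(url)
    return {
        "host": p.hostname,
        "port": p.port or (443 if p.scheme == "https" else 80),
        "path": p.path,
    }


def scan_log(lines, c2: str = C2_URL) -> list:
    """Return (line_no, reason, line) for every line that touches the C2.

    reason is one of:
      c2-url   exact host and path (the posted indicator)
      c2-host  the C2 host with a different or no path (server reused); also
               covers firewall lines that carry only an IP, matched with
               digit/dot boundaries so 162.113.114.58 is not taken for
               62.113.114.58
      c2-path  the same panel path on a different host (weaker signal; this
               assumes the path is reused across panels, which the entry
               does not state)
    """
    ioc = iocs_from_url(c2)
    host_re = re.compile(r"(?<![\d.])" + re.escape(ioc["host"]) + r"(?![\d.])")
    want_path = ioc["path"].rstrip("/").lower()
    hits = []
    for n, line in enumerate(lines, 1):
        matched = False
        for url in URL_RE.findall(line):
            u = urlparse(url)
            host_hit = u.hostname == ioc["host"]
            path_hit = u.path.rstrip("/").lower() == want_path
            if host_hit and path_hit:
                hits.append((n, "c2-url", line))
            elif host_hit:
                hits.append((n, "c2-host", line))
            elif path_hit:
                hits.append((n, "c2-path", line))
            else:
                continue
            matched = True
        # No URL hit: fall back to a bare-IP check for firewall/NetFlow-style lines.
        if not matched and host_re.search(line):
            hits.append((n, "c2-host", line))
    return hits


# Constructed log lines for the example; not real traffic from the entry.
SAMPLE_LOG = [
    "2020-05-26T09:47:01Z 10.0.0.12 GET http://62.113.114.58/IRemotePanel 200 1532",
    "2020-05-26T09:47:02Z 10.0.0.12 GET http://example.com/index.html 200 8871",
    "2020-05-26T09:48:10Z 10.0.0.31 POST http://62.113.114.58/ 404 210",
    "2020-05-26T09:49:00Z 10.0.0.40 POST http://198.51.100.7/IRemotePanel 200 900",
    "2020-05-26T09:50:00Z fw allow 10.0.0.12:49812 -> 62.113.114.58:80 tcp",
    "2020-05-26T09:50:05Z fw allow 10.0.0.13:49813 -> 162.113.114.58:80 tcp",
]

if __name__ == "__main__":
    for n, reason, line in scan_log(SAMPLE_LOG):
        print(f"line {n}: {reason}: {line}")
```

On the constructed lines this reports the exact indicator on line 1, the C2 host with a different path on line 3, the path on another host on line 4, and the bare IP in the firewall line 5; line 6 is not reported because 162.113.114.58 only contains the C2 address as a substring.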

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Rdn
Status: Malicious
First seen: 2020-05-26 02:28:36 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: RedLineStealer
File: Executable exe aaaf01da2fe823f7ccf2e9d400a94dba2ae428f0dfa7a8eef712696c3b4b6fba (this sample)

Comments