MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b00c7214af54808c8ea8b0d011ee8f64e7454785a01d803e7439a0f331fe3ff7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b00c7214af54808c8ea8b0d011ee8f64e7454785a01d803e7439a0f331fe3ff7
SHA3-384 hash:	19b0913e9e87ad2aac85ca83debf920b44b19d20a274dca8916b66d7af39f15dc24ca134474ede12354748c979197fb5
SHA1 hash:	066f236d9621838a8ad59af940844cc6b6f60f0b
MD5 hash:	708ca19434d904fcd382751f3214f059
humanhash:	crazy-gee-india-bluebird
File name:	708ca19434d904fcd382751f3214f059.exe
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	324'136 bytes
First seen:	2021-10-09 15:15:31 UTC
Last seen:	2021-10-09 16:22:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d33805713bf84c5172011e6ee58dcc60 (6 x RedLineStealer, 2 x ArkeiStealer, 2 x RaccoonStealer)
ssdeep	6144:lvJBZPxEL0bwSTMs0ZKKQOyjT0sEMXnioBU74MTb6dD:PBMqwSTfoYAsEYBU744+
TLSH	T15A64DF313190CBF2D1361533B712CAE44A7DB9AD5D22424F3B981EAEAF3D3A19E15349
File icon (PE):
dhash icon	fcfcd4f4d4d4d8c0 (23 x RedLineStealer, 21 x RaccoonStealer, 6 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe RedLineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

297

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

708ca19434d904fcd382751f3214f059.exe

Verdict:

No threats detected

Analysis date:

2021-10-09 15:21:51 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/061a2c00-6911-44cf-a463-d536026dd6c4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/196322/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Stealer.30979.13114.17688.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware overlay packed

Link:

https://www.filescan.io/uploads/6161b237334ba92bd9232cd1/reports/6af58850-a01d-48aa-a465-7414b7f9e63a/overview

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b00c7214af54808c8ea8b0d011ee8f64e7454785a01d803e7439a0f331fe3ff7/

Threat name:

Win32.Trojan.MintZard

Status:

Malicious

First seen:

2021-10-09 15:16:16 UTC

AV detection:

21 of 45 (46.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wagheffpksaizdviwdibd3upmttukr4fuaoyaptuhgqpgmp6h73q._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/211009-sngwdsfcc3/

Unpacked files

SH256 hash:

b00c7214af54808c8ea8b0d011ee8f64e7454785a01d803e7439a0f331fe3ff7

MD5 hash:

708ca19434d904fcd382751f3214f059

SHA1 hash:

066f236d9621838a8ad59af940844cc6b6f60f0b

Link:

https://www.unpac.me/results/67674def-b519-4c43-bc9e-ea0d8ca774d8/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b00c7214af54808c8ea8b0d011ee8f64e7454785a01d803e7439a0f331fe3ff7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

exe b00c7214af54808c8ea8b0d011ee8f64e7454785a01d803e7439a0f331fe3ff7

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1582746/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/196322/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample