MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b73f062242ecaf86430950a2990dd69bc5080cfea2a1012efc7436d4a7a3a346. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	b73f062242ecaf86430950a2990dd69bc5080cfea2a1012efc7436d4a7a3a346
SHA3-384 hash:	2d7c1a90bcf71a9d27686947209cebe0de81c56dedc4759d036028dbae2337a16ccd13d188f2e57245106bac1900effc
SHA1 hash:	55aa54751ea753cf9880cec7423c657c26aadf97
MD5 hash:	42a760556798b150cb23d076f0942563
humanhash:	comet-idaho-beer-minnesota
File name:	Payment List 64.xll
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	563'200 bytes
First seen:	2022-03-07 09:36:29 UTC
Last seen:	Never
File type:	xll
MIME type:	application/x-dosexec
imphash	a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep	12288:yn/zDvGHAykH8vLW/4+8bzbBSreMdPBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUq5:wzbGHAzHKjX10BY4ZyrE7K3yl8PeVooa
Threatray	83 similar samples on MalwareBazaar
TLSH	T1B1C47E57F7DBF6B0E6BE867A86F1851C52B774620260A78F664072886D23382453DF0F
Reporter	abuse_ch
Tags:	RedLineStealer xll

Intelligence

File Origin

# of uploads :

1

# of downloads :

161

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Generic-9939833-0

SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/b73f062242ecaf86430950a2990dd69bc5080cfea2a1012efc7436d4a7a3a346/results/dashboard

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b73f062242ecaf86430950a2990dd69bc5080cfea2a1012efc7436d4a7a3a346/

Threat name:

ByteCode-MSIL.Trojan.ExcelAddin

Status:

Malicious

First seen:

2022-03-07 09:37:12 UTC

File Type:

PE+ (Dll)

Extracted files:

2

AV detection:

18 of 27 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=w47qmisc5sxymqyjkcrjsdowtpcqqdh6ukqqclx4oq3njj5dunda._file

Verdict:

unknown

Similar samples:

0838b673be73014ff6e29d784247ad3b44a794dd2134301bb25c8dd0a3f5b0ae

68315f9b95450e287e19be6f014114f36aa6fd98eef733e839efe670f302fced

93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763

aba88fbca4bc1906e9602f61b25d48d01cf476d48bda115f317fda930313492c

ade73b7033e024443c9ebffc25a424d3a1fc4e67c674fcd585e9d5d5d2c774a0

b1b5046988f030694c9e4a29e8b61990ac1e4da7a98f0c1fdb3906a60bcbcba0

b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279

d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb

e5013497a297e36f89cc5dc3e369faf27bb9b88684cad53accad8b006433a6c5

+ 73 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline infostealer

Link:

https://tria.ge/reports/220307-llgz2scgd7/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Loads dropped DLL

Process spawned unexpected child process

RedLine

RedLine Payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b73f062242ecaf86430950a2990dd69bc5080cfea2a1012efc7436d4a7a3a346

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample