MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c07fc52760ae33dfdea072ebb41a558effed8b99c17abf62b23262453815ddd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 5



SHA256 hash: c07fc52760ae33dfdea072ebb41a558effed8b99c17abf62b23262453815ddd4
SHA3-384 hash: cf187a90a95b7f24900b5d80635a464ccd33603a40490fca2c5f42f74b0c3693c22f1782ebc8af7436130570543c4362
SHA1 hash: fd5bc59c8d056615c03ffecd3a69684522b010c7
MD5 hash: 3e45aae13cc364808b3bf8e77051cd21
humanhash: magazine-montana-iowa-march
File name: Swift.pdf.gz
Signature: RedLineStealer
File size: 819'796 bytes
First seen: 2021-01-18 08:28:33 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:YxPMeaFsPx2tN6Q+9r1FPZKyKB3OgoxrXPEahrNNrgA30Sd7PxEtZS8:YNrzItkQ+9hvKtOgohXPPOAkKpD8
TLSH: 4905335B7CC167E6A447FBBBBB22BC60C8FA85158A273C5E6B2FD57416604D072B8043
Reporter: abuse_ch
Tags: gz


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.vasl.ir
Sending IP: 95.217.69.227
From: Sales <stigka78@ath.forthnet.gr>
Subject: Fwd: Swift
Attachment: Swift.pdf.gz (contains "Swift.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-18 07:53:51 UTC
AV detection: 11 of 46 (23.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

gz c07fc52760ae33dfdea072ebb41a558effed8b99c17abf62b23262453815ddd4 (this sample)

  
Delivery method: Distributed via e-mail attachment

Comments