MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4e42ebfd487b325ece4f09d75687c96e252aa8559f8a8daad6336dc39ee5424. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4e42ebfd487b325ece4f09d75687c96e252aa8559f8a8daad6336dc39ee5424
SHA3-384 hash: ff5b609595b8580d35d7b6620c248126cd4ca158d58bbcc90d34778eb65ac413af68feceb2fb77c8f40a50f9916cb7bc
SHA1 hash: a839162b6d7bf0da080de3e5937c1f6c4452a93d
MD5 hash: 21ee9c5c9c5b5d42689ce6814685409f
humanhash: lactose-montana-four-march
File name:SecuriteInfo.com.Gen.Variant.Razy.624632.31255.13122
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:881'152 bytes
First seen:2020-05-15 20:30:59 UTC
Last seen:2020-05-15 21:29:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf5a4aa99e5b160f8521cadd6bfe73b8 (423 x RedLineStealer, 31 x AgentTesla, 12 x DCRat)
ssdeep 24576:bk70TrcmsPn72EKQwQG2hjAIzvfwrLLemG:bkQTAH6hLemG
Threatray 219 similar samples on MalwareBazaar
TLSH 921512257890C0B2C472167584E9CE759F3A30750B7A96E3B7DC3BBA5F112E1A3352CA
Reporter SecuriteInfoCom
Tags:RedLineStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.Variant.Razy.624632.31255.13122.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Reline
Create hunting rule
Status:
Malicious
First seen:
2020-04-25 07:28:00 UTC
File Type:
PE (Exe)
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ytsc5p6uq6zsl3he6coxk2d4s3rffkuflh4krwvnmm3nyopokqsa._file
Verdict:
malicious
Similar samples:
4aebd2918942c4d01076cd9cb47402c5b8c61e14e86a397488d1abc2e444d626
RedLineStealer
555f84812f700d1448fd200f04200ae9d17413652be94c54ba442fccdf9104dc
RedLineStealer
642ecc0813761138cff276fdece24e479604dbc7c012a2a168d018330e1905e5
RedLineStealer
701e2cddd4d1628c01c3ce13a20b5414726995565377e6ddc3133d1245a88cb4
RedLineStealer
7310d9b87d90bb647879dd9a7adc8cb76e0630dca1e15e75abfd0083203e83a2
RedLineStealer
87ff4257e145cb109c3a91260b9412e0bf13ab481ee0d2e592254f8dd77db458
RedLineStealer
aa0ef170fbdf28b626cafc71c401ce5e5b151efca751e1301ab1d68ddc6af5ad
RedLineStealer
c4a2c8397cfa4f7f16a317aad541b6c48e35c4420249f702b2c6f01faf66ef61
RedLineStealer
d1eb54cb3aa9ba1fc585cf676c4a814b11786b962da1b1959768794d281084ab
RedLineStealer
e12bf1c4b6712d15cebf8556b8d659bc928c6ac18efbb081d56811bd48ce3359
RedLineStealer
+ 209 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201109-c9x3jkrja6/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RedLineStealer

Executable exe c4e42ebfd487b325ece4f09d75687c96e252aa8559f8a8daad6336dc39ee5424

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/363258/
  
Delivery method
Distributed via web download

Comments