MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce7c720d27b3347a77b5d01b04c89252e385392ea639dc2bda0d1f48278bb849. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 3



SHA256 hash: ce7c720d27b3347a77b5d01b04c89252e385392ea639dc2bda0d1f48278bb849
SHA3-384 hash: 19ec088ed4011eae0830a7212c313a5999a9291495488cc163b3c57e0afb6cfb36e48695dbdca3acc81786c7467b7f5e
SHA1 hash: ed48f05f70f121852445cdaeb050c91542e90f74
MD5 hash: 5126367ad19dba8d91820838faeeb93c
humanhash: blossom-angel-bluebird-texas
File name: PGMB772889910288.PDF.img
Signature: RedLineStealer
File size: 1'507'328 bytes
First seen: 2020-10-23 06:58:07 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:I1UwaXdk8F61io5ZlOZV27gCxII8nzADEjp778qjJFIdH:IK1+5Pnmnaq7jjJKt
TLSH: 30657DC93200B5DFC413D4B28DAD5C70A66078BF831B820B6117666EDA8E583DF566FB
Reporter: abuse_ch
Tags: img RedLineStealer


abuse_ch
Malspam distributing RedLineStealer:

HELO: usegreenco.com
Sending IP: 50.78.187.17
From: Lydia Yonkers <sales@usegreenco.com>
Subject: Quote Request
Attachment: PGMB772889910288.PDF.img (contains "PGMB772889910288.PDF.exe")

RedLineStealer C2:
http://hesmyela.xyz/IRemotePanel

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.RedLineStealer
Status: Malicious
First seen: 2020-10-23 03:08:38 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RedLineStealer
img ce7c720d27b3347a77b5d01b04c89252e385392ea639dc2bda0d1f48278bb849 (this sample)
Dropping: RedLineStealer
Delivery method: Distributed via e-mail attachment

Comments