MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb
SHA3-384 hash:	44b00f9fa988cc1211499fec45f0b40c8c0d1738d1ee1a87d68e9f528d8e68ac1cc1b122d3cd64d49ba4ca887b0914c1
SHA1 hash:	6bf95c7e51a68f24cabee20184f9423ff8a9cff2
MD5 hash:	7500145b56d23056aee4ebde92aa30b8
humanhash:	lion-butter-salami-sad
File name:	Scan Payment list 64.xll
Download:	download sample
Signature	RedLineStealer Create hunting rule
File size:	562'688 bytes
First seen:	2022-02-23 12:13:22 UTC
Last seen:	Never
File type:	xll
MIME type:	application/x-dosexec
imphash	a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep	12288:Un/zDvGHAykH8vLW/4+8bzbBSreMdjBY4ZyrE7K3yl8PeVooA/AB2LEJZxfAQPUG:2zbGHAzHKjX14BY4ZyrE7K3yl8PeVooz
Threatray	55 similar samples on MalwareBazaar
TLSH	T117C47E57F7DBF6B0E6BE827A86F1851C52B774620260A78F664072886D23392453DF0F
Reporter	abuse_ch
Tags:	RedLineStealer xll

Intelligence

File Origin

# of uploads :

1

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Generic-9939833-0

SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

greyware packed packed

Link:

https://www.filescan.io/uploads/62162510a2660f3bb92f6d2c/reports/26015176-d7b9-4b2e-93d1-55b13444f85c/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb/

Threat name:

ByteCode-MSIL.Trojan.XllDownloader

Status:

Malicious

First seen:

2022-02-23 12:14:11 UTC

File Type:

PE+ (Dll)

Extracted files:

2

AV detection:

17 of 27 (62.96%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2naitdyuvku7rbfqek2l4g4et2xexzpcovbsgsg4npfr7ie6fdfq._file

Verdict:

unknown

Similar samples:

12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd

1bf8c12c3dadffb6d0b9dfbebd78a15bed670640830c0f41369ea6137c2aeb1d

983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93

9b682330445e8eb6445cc43968e21ae3ffe1b9d8c3ae5210c9a8d12416315d5d

aba88fbca4bc1906e9602f61b25d48d01cf476d48bda115f317fda930313492c

ade73b7033e024443c9ebffc25a424d3a1fc4e67c674fcd585e9d5d5d2c774a0

b434e54b1f162ec9a1f9e943e8829069c8e91ff4998acdb6f0e5aa34ceee1cc4

bf3529c3d7d27a23db406da1cae1ab04e4b0c5b14de4aa69d5bb11166e1e5c1f

c61b6512d455398c2ff7fa4450c488e7eaeb8aacc01f732d8204ae302e2cc868

d724eef097700915a348d42dcfa0255e3edb3c644cf8740fd052cddab2c81b54

+ 45 additional samples on MalwareBazaar

Result

Malware family:

redline

Score:

10/10

Tags:

family:redline infostealer spyware

Link:

https://tria.ge/reports/220223-pebq8sbcgr/

Behaviour

Suspicious use of WriteProcessMemory

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SetThreadContext

Accesses cryptocurrency files/wallets, possible credential harvesting

Loads dropped DLL

Process spawned unexpected child process

RedLine

RedLine Payload

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample