MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d52bf5a290ca4006cf1a7e2a1e808d20e97dad4ecd577c007359fe964b09ceae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer
Vendor detections: 4

SHA256 hash: d52bf5a290ca4006cf1a7e2a1e808d20e97dad4ecd577c007359fe964b09ceae
SHA3-384 hash: 35f51f7de0caec4e71570430adcf5129fa74af791e22388cf575be8f625f9693ff86af7ab078d4a3bd51c2f9d399fed3
SHA1 hash: 5a44a5569d6a8218afa30f80ff2c95ed53a9761e
MD5 hash: 7683d47b449a07bd602bf745d96392f4
humanhash: quebec-potato-monkey-hydrogen
File name: SecuriteInfo.com.Variant.Spider.1.18583.16956
Signature: RedLineStealer
File size: 21'504 bytes
First seen: 2020-06-15 09:12:58 UTC
Last seen: 2020-06-15 09:32:13 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
Note: this imphash is the value shared by practically every managed (.NET) executable, because the only native import such a file carries is mscoree.dll!_CorExeMain; that is consistent with the ByteCode-MSIL vendor threat name below and with the tens of thousands of AgentTesla and Formbook samples listed against it. It identifies the file as a .NET binary, not as a particular family, so pivot on ssdeep, TLSH or the Threatray similarity count rather than on imphash.
ssdeep: 384:DEH18vh1oQ9LdkMDgZbAXyxBzBHkfRE/:42ZGQ9LGQgygkfg
Threatray: 74 similar samples on MalwareBazaar
TLSH: 0CA2E6227BC94639D4B68BB859F5C3428B71B1924C03D25F4AC961C71A53B92CFB3B93
Reporter: SecuriteInfoCom
Tags: RedLineStealer
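The imphash field above is worth understanding before pivoting on it. The following is an added example, not MalwareBazaar's own code or API: it reproduces the imphash computation as pefile implements it (lower-cased "library.function" strings in import-table order, comma-joined, MD5-hashed), shows that a .NET stub importing only mscoree.dll!_CorExeMain collapses to the record's value, parses the family counts MalwareBazaar appends to the field, and recomputes the digest fields of a record from raw bytes. The ordinal-to-name tables pefile applies for oleaut32/ws2_32/wsock32 are omitted here (an assumption that imports are by name; unresolved ordinals fall back to pefile's "ordN" form), the `RECORD_IMPHASH_LINE` input is the field from this record copied verbatim, and `imphash_is_discriminating` is a heuristic of this example, not a MalwareBazaar feature.

```python
"""Added example, not MalwareBazaar's own code or API: recompute a record's
digest fields, reproduce the imphash field, and parse the family counts that
MalwareBazaar appends to it."""
import hashlib
import re
from typing import Dict, Iterable, Tuple, Union


def imphash(imports: Iterable[Tuple[str, Union[str, int]]]) -> str:
    """imphash as pefile computes it: for each import, in import-table order,
    build lower-case 'lib.func' (dll/ocx/sys extension stripped from the
    library), join with commas and MD5 the result. Ordinal imports are
    written as 'ordN'; pefile's ordinal-to-name tables for oleaut32, ws2_32
    and wsock32 are omitted here (assumption: imports are by name)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# What the native loader sees in a managed (.NET) executable: the CLR entry
# stub alone. Every such file, whatever its family, yields the same imphash.
DOTNET_STUB_IMPORTS = [("mscoree.dll", "_CorExeMain")]


def hash_set(data: bytes) -> Dict[str, str]:
    """The four digest fields of a record, in the order the page lists them."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


_IMPHASH_LINE = re.compile(r"^imphash:?\s+([0-9a-f]{32})\s*(?:\((.*)\))?\s*$")
_FAMILY_COUNT = re.compile(r"([\d']+)\s*x\s*([^,]+)")


def parse_imphash_field(line: str) -> Tuple[str, Dict[str, int]]:
    """Split the page's 'imphash <hex> (N x Family, ...)' line into the hash
    and a {family: sample_count} map. MalwareBazaar writes thousands
    separators as apostrophes (48'657); they are stripped before int()."""
    m = _IMPHASH_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not an imphash field: {line!r}")
    counts: Dict[str, int] = {}
    for n, fam in _FAMILY_COUNT.findall(m.group(2) or ""):
        counts[fam.strip()] = int(n.replace("'", ""))
    return m.group(1), counts


def imphash_is_discriminating(field_line: str, min_families: int = 3) -> bool:
    """Heuristic of this example: an imphash MalwareBazaar has already seen
    across several distinct families is not a useful pivot."""
    _, counts = parse_imphash_field(field_line)
    return len(counts) < min_families


# Constructed input: the imphash field of this record, copied verbatim.
RECORD_IMPHASH_LINE = (
    "imphash f34d5f2d4577ed6d9ceec516c1f5a744 "
    "(48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)"
)

if __name__ == "__main__":
    h, fams = parse_imphash_field(RECORD_IMPHASH_LINE)
    print("record imphash:", h, fams)
    print(".NET stub imphash:", imphash(DOTNET_STUB_IMPORTS))
    print("worth pivoting on:", imphash_is_discriminating(RECORD_IMPHASH_LINE))
```

Running the script prints the .NET stub imphash, which matches the record's value, and reports that the field is not worth pivoting on for this sample. To check a local file against the record, feed its bytes to `hash_set` and compare the four digests with the SHA256, SHA3-384, SHA1 and MD5 fields above.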

Intelligence

File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-15 07:38:13 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: RedLineStealer
File: Executable exe d52bf5a290ca4006cf1a7e2a1e808d20e97dad4ecd577c007359fe964b09ceae (this sample)
