MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7151920849dd1270baa5fcd224f201158b553623f27421be29885e4c17badd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7151920849dd1270baa5fcd224f201158b553623f27421be29885e4c17badd4
SHA3-384 hash: 60f8968a9bfd31b94b0ca952ffef9e7ffb773ae76f0786d14e5dde6cfdaa3141ac83820e3b357f4d9b6215603702a681
SHA1 hash: 9427a6acdb264d41b5ff117f2b374aaaab2facba
MD5 hash: 0f4b98f40808bac5804b6eb8d95771d4
humanhash: berlin-kansas-nitrogen-table
File name:3278_pdf.gz
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:14'216 bytes
First seen:2021-07-19 05:53:02 UTC
Last seen:2021-07-19 05:53:13 UTC
File type: gz
MIME type:application/x-rar
ssdeep 384:gF7krh8TKK22KTd4Q7MA1Jja0Y9+6UfW3gfvv0:gF7krh8TKyTA1xa0Y9+Myv0
TLSH T18052E143FEFC94FC4889F8B49C4E472095E6A2D07B31A7B4B887B5AD170E2984868444
Reporter cocaman
Tags:gz RedLineStealer


Avatar
cocaman
Malicious email (T1566.001)
From: "info@menbelltda.com" (likely spoofed)
Received: "from menbelltda.com (unknown [103.139.44.91]) "
Date: "18 Jul 2021 17:37:45 -0700"
Subject: "RFQ GG : 3211/1, 3278, 3204 Forging drawing"
Attachment: "3278_pdf.gz"

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d7151920849dd1270baa5fcd224f201158b553623f27421be29885e4c17badd4/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=24krsieetxisoc5kl7gsetzacfmlku3ch4tueg7ctcc6jql3vxka._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210719-qp9a335jre/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d7151920849dd1270baa5fcd224f201158b553623f27421be29885e4c17badd4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

gz d7151920849dd1270baa5fcd224f201158b553623f27421be29885e4c17badd4

(this sample)

RedLineStealer

Executable exe 6d27f2de1e4f2126e11f0031826c02e815d5462d7789b642f59603c5ec5d616f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6d27f2de1e4f2126e11f0031826c02e815d5462d7789b642f59603c5ec5d616f

Comments