MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e64b645ea5e49d9ae5b7faf331a14818856f381d2d61c95a0856c1bb25028341. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer
Vendor detections: 3

SHA256 hash: e64b645ea5e49d9ae5b7faf331a14818856f381d2d61c95a0856c1bb25028341
SHA3-384 hash: ad6def73f62d9c6ce7ae11f20ee438e4087283cd07bde1e5641cfdc377efeb63486000188f70bcf9ac3237c2fe8be035
SHA1 hash: 2c3744e4e6818e7289c4cebc1ef8c70c746891be
MD5 hash: 12a329bc5f57994a2441e2eaf1e3d9c2
humanhash: speaker-nine-bacon-september
File name: Arrival notice ETA 19th .r15
Signature: RedLineStealer
File size: 361'694 bytes
First seen: 2021-07-14 14:49:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:8Sr4xld2o1yxqZJDNA3IPACwt2hjWoDdE0oI8v2ZFzSsOGabmxt704t10:hr4yxqdF4COAjWoDFoI8u7p1a8Vt10
TLSH: T1627423EF1D4F24CE199AD622839365D02C5C6F7F5C0C115F9EF8E381847E29AE246E92
Reporter: cocaman
Tags: INVOICE, r15, rar, RedLineStealer


Comment by cocaman:
Malicious email (T1566.001)
From: "info@haysshipping.com" (likely spoofed)
Received: "from haysshipping.com (unknown [45.137.22.139]) "
Date: "14 Jul 2021 15:33:05 +0200"
Subject: "ARRIVAL NOTICE & INVOICE ETA 19th JULY 2021"
Attachment: "Arrival notice ETA 19th .r15"

Intelligence

File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2021-07-14 14:50:07 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 9 of 29 (31.03%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Program crash

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: RedLineStealer
rar e64b645ea5e49d9ae5b7faf331a14818856f381d2d61c95a0856c1bb25028341 (this sample)

Delivery method: Distributed via e-mail attachment

Comments