MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea3bd6c66ba27adecedde7331ff2f315f1af23d40f1014835e4ff1c6ea382a56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea3bd6c66ba27adecedde7331ff2f315f1af23d40f1014835e4ff1c6ea382a56
SHA3-384 hash: 96f6613ca936e603477fdbbdea9849275587831c2156655578049c7d924f18f529a00ff9e185c8ef4cb480406c6cc578
SHA1 hash: afbb10bb8bf1ae094d9f4e1207ec96e584008a3a
MD5 hash: 6610bed2fe6fa1b4e6691f39b834879e
humanhash: paris-social-carolina-mexico
File name:monthly financial statement.zip
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:1'298'732 bytes
First seen:2021-01-17 13:47:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:HPOTr07ofjRRY5S1pJ23azQPb0Kt7hSqUfdgNmg/sCceV0vMnKKH:HPor07ERRYUN23zj08dSlfFgVh0vMnKq
TLSH 5C5533C2C7ED8A1967D7A89103A0ECA6475B72E9293CC855FD28B30D2FC517E2F53906
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: euve35436.serverloft.eu
Sending IP: 85.25.204.185
From: Pete Richmond <Pete.Richmond@senokairleisure.com>
Reply-To: Pete.Richmond@senokairleisure.com
Subject: The monthly financial statement
Attachment: monthly financial statement.zip (contains "monthly financial statement.doc")

Intelligence

File Origin
# of uploads :
1
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27301.RtfHeur.BadVer.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.FakeRTF-2.UNOFFICIAL
Create hunting rule

MiscreantPunch.RTF.2017-0199.Obfus.170830.UNOFFICIAL
Create hunting rule

MiscreantPunch.RTF.2017-0199.Obfus.171711.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.DOCXSTRGOOD.RTFSTR._E_R_N_E_L_3_2_OADLIBRARYW_S_ETPROCADDRESS_.200622.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ea3bd6c66ba27adecedde7331ff2f315f1af23d40f1014835e4ff1c6ea382a56/
Threat name:
Document-Office.Exploit.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2021-01-17 13:48:06 UTC
AV detection:
6 of 46 (13.04%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5i55nrtluj5n5tw544zr74xtcxy26i6ub4ibja26j7y4n2ryfjla._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Bloodhound
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ea3bd6c66ba27adecedde7331ff2f315f1af23d40f1014835e4ff1c6ea382a56

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

zip ea3bd6c66ba27adecedde7331ff2f315f1af23d40f1014835e4ff1c6ea382a56

(this sample)

RedLineStealer

Word file doc 5f94fc16fc1729c7817f052cd6aaf7d1638aba942ef380b35a0003ec1f146439

  
Dropping
MD5 0675edf4c9212b83a850c75398f648e8
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f94fc16fc1729c7817f052cd6aaf7d1638aba942ef380b35a0003ec1f146439

Comments