MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f00ca56d8ce8b8f541efd24be1fd83e9ea847d75c448f81b7eb95174651a5e30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 8

SHA256 hash: f00ca56d8ce8b8f541efd24be1fd83e9ea847d75c448f81b7eb95174651a5e30
SHA3-384 hash: c29f7371fc4847a1631621b3e70c600b4166bf0647cb0dfe7b9b68999521a243c624c092eec2572339253c8ca8e769bd
SHA1 hash: 86bb127f0de0e7b20641925eb65c2a991d188d7e
MD5 hash: a1e4c6d4419bf76446bb53c900b5732c
humanhash: butter-failed-arkansas-whiskey
File name: RFQ.zip
Signature: RedLineStealer
File size: 770'898 bytes
First seen: 2024-11-28 08:09:40 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:X/fA7/l+4RWg4fBe58cvyAnxDU/iREuTJ+y1h6gMMt1JBu7uUBckyFai+sfuUTn:Al+4Wf0uMtl+2JNh6VQc7udb+0VTn
TLSH: T1FFF42352F3CFE93A19B920C97F0404A633B3E6B6FD9C595276CF9271596CDB80EA4090
Magika: zip
Reporter: cocaman
Tags: QUOTATION RedLineStealer RFQ zip


cocaman
Malicious email (T1566.001)
From: "gerald.lafrance@jgccomptable.com<gerald.lafrance@jgccomptable.com>" (likely spoofed)
Received: "from [103.195.236.221] (unknown [103.195.236.221]) "
Date: "28 Nov 2024 11:45:57 +0700"
Subject: "RE:Request for Quotation"
Attachment: "RFQ.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 464
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: RFQ.exe
File size: 1'208'320 bytes
SHA256 hash: 88fa1f0c7c938dd906f2757b1df097ce40dbaa45740960a0457c41fd93c9285a
MD5 hash: f16382c47d6df2809c980a0e8dc937db
MIME type: application/x-dosexec
Signature: RedLineStealer
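As an added example (not part of the MalwareBazaar page or its tooling), the following Python script performs the triage implied by the reporter's malspam note and the archive listing above: it pulls the zip attachment out of an .eml, hashes the archive and every member, flags members that carry the PE "MZ" magic regardless of their extension (the inner RFQ.exe is reported as application/x-dosexec), and matches the hashes against the SHA256/MD5 values published in this entry. The message, archive and "RFQ.exe" member it builds are constructed placeholders, not the real sample; the only real data are the IOC hashes copied from the page. Since the sandbox results on this page disagree on the family (RedLineStealer signature, agenttesla and Win32.Trojan.AutoitInject verdicts, an emotet tag), the hashes are the firm indicator to match on. The script assumes the zip is not password-protected.

```python
"""Offline triage of a mail-borne zip attachment against published IOCs.

Added example, not code from MalwareBazaar. Everything it parses is built in
memory here (constructed .eml, constructed zip, a two-byte 'MZ' placeholder
instead of a real PE); only the IOC hashes are taken from the database entry.
"""
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# IOCs copied from the MalwareBazaar entry for the RFQ.zip sample
IOC_SHA256 = {
    "f00ca56d8ce8b8f541efd24be1fd83e9ea847d75c448f81b7eb95174651a5e30": "RFQ.zip (RedLineStealer archive)",
    "88fa1f0c7c938dd906f2757b1df097ce40dbaa45740960a0457c41fd93c9285a": "RFQ.exe (PE inside RFQ.zip)",
}
IOC_MD5 = {
    "a1e4c6d4419bf76446bb53c900b5732c": "RFQ.zip (RedLineStealer archive)",
    "f16382c47d6df2809c980a0e8dc937db": "RFQ.exe (PE inside RFQ.zip)",
}

ZIP_MAGIC = b"PK\x03\x04"


def digests(data: bytes) -> dict:
    """SHA256/SHA1/MD5 of a blob, the three hashes the entry publishes."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def is_pe(data: bytes) -> bool:
    """PE files start with the DOS 'MZ' stub; the page reports such members as application/x-dosexec."""
    return data[:2] == b"MZ"


def record(name: str, data: bytes, member_of=None) -> dict:
    """One finding: hashes, PE flag and the IOC label if any published hash matches."""
    rec = digests(data)
    rec.update(name=name, member_of=member_of, pe=is_pe(data))
    rec["ioc"] = IOC_SHA256.get(rec["sha256"]) or IOC_MD5.get(rec["md5"])
    return rec


def triage_zip(name: str, blob: bytes) -> list:
    """Findings for the archive itself plus every file member inside it."""
    findings = [record(name, blob)]
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings  # not a zip after all; the outer hash is still reported
    for info in zf.infolist():
        if info.is_dir():
            continue
        # assumption: unencrypted archive; an encrypted member would raise RuntimeError here
        findings.append(record(info.filename, zf.read(info), member_of=name))
    return findings


def triage_message(raw: bytes) -> list:
    """Extract zip attachments (by name or magic) from an RFC 5322 message and triage each."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if fname.lower().endswith(".zip") or payload[:4] == ZIP_MAGIC:
            results.extend(triage_zip(fname, payload))
    return results


def build_sample_eml() -> bytes:
    """Constructed message mimicking the reported lure; the attachment is harmless filler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("RFQ.exe", b"MZ" + b"\x00" * 62 + b"placeholder bytes, not a real PE")
        zf.writestr("notes.txt", b"harmless text member")
    msg = EmailMessage()
    msg["From"] = "gerald.lafrance@jgccomptable.com"  # constructed; mirrors the sender the reporter says was spoofed
    msg["Subject"] = "RE:Request for Quotation"
    msg.set_content("Please find attached the quotation.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="RFQ.zip")
    return bytes(msg)


if __name__ == "__main__":
    for f in triage_message(build_sample_eml()):
        flag = "IOC MATCH: " + f["ioc"] if f["ioc"] else ("PE inside zip" if f["pe"] else "ok")
        print(f"{f['name']:<10} sha256={f['sha256'][:16]}... {flag}")
```

Run against a real .eml by passing its bytes to `triage_message`; a hit on either published hash identifies the sample, and a PE member inside a zip attachment that does not match any IOC is still worth escalating, since the same lure is re-packed with new hashes.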
Vendor Threat Intelligence

Verdict: Malicious
Score: 94.1%
Tags: autoit emotet lien

Result
Verdict: Malicious
File Type: PE File
Behaviour: BlacklistAPI detected

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: autoit compiled-script evasive fingerprint keylogger lolbin microsoft_visual_cc packed packed packer_detected regedit
Threat name: Win32.Trojan.AutoitInject

Status: Malicious
First seen: 2024-11-28 03:04:10 UTC
File Type: Binary (Archive)
Extracted files: 28
AV detection: 21 of 38 (55.26%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla discovery keylogger spyware stealer trojan
Behaviour:
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
AgentTesla
Agenttesla family
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  RedLineStealer
    zip f00ca56d8ce8b8f541efd24be1fd83e9ea847d75c448f81b7eb95174651a5e30 (this sample)

Delivery method: Distributed via e-mail attachment

Comments