MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6a64cd4e4b11b8bd9b8b48915ee43cc600ed17715bd33710502de15a3d7ed74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f6a64cd4e4b11b8bd9b8b48915ee43cc600ed17715bd33710502de15a3d7ed74
SHA3-384 hash: 5596daa76a8e8053a3db7f2e79a5075557e9f560f01bdaae9e15b4857ebe343c91449a8644df39e29952346df926722a
SHA1 hash: 27b3335e024d0f158c8771f500f4f9ff8370c6e6
MD5 hash: 841c7ce6ad618da99ee4159694f286fe
humanhash: august-cola-carpet-carolina
File name:E-invoicing_17_01_2021_804614300125.cab
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:8'584 bytes
First seen:2021-01-18 18:15:35 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 192:Qr856shQflcuIf78EnZSuOQN1i7VpxsuYRGO7uj0lmTUO1:w856shQfeTFcuOQq7L+R7uwl6b
TLSH B402AF2B6C2C9819774F3D7C24A5C55DDE3217F117B1CC3606846DE9D22D4691F48E71
Reporter abuse_ch
Tags:cab TNT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: server40.happybyte.gr
Sending IP: 94.130.204.38
From: TNT Express <info@princelia.com>
Reply-To: noreply@tnt.com
Subject: 电子发票-E-invoicing_17_01_2021_804614300125
Attachment: E-invoicing_17_01_2021_804614300125.cab (contains "E-invoicing_17_01_2021_804614300125.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
120
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.RedLine.16.10877.30483.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f6a64cd4e4b11b8bd9b8b48915ee43cc600ed17715bd33710502de15a3d7ed74/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-18 18:16:07 UTC
AV detection:
9 of 46 (19.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=62tezvhewenyxwnywserl3sdzrqa5ulxcw6tg4ifalpbli6x5v2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/f6a64cd4e4b11b8bd9b8b48915ee43cc600ed17715bd33710502de15a3d7ed74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

cab f6a64cd4e4b11b8bd9b8b48915ee43cc600ed17715bd33710502de15a3d7ed74

(this sample)

RedLineStealer

Executable exe dc6aaf7acf8b088dd2f0a3cbffd5ae7e56ed1680aeccb2ff7eecb9d56796cf68

  
Dropping
MD5 6a30c4f159af10611e8b6780ca7e9fb9
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dc6aaf7acf8b088dd2f0a3cbffd5ae7e56ed1680aeccb2ff7eecb9d56796cf68

Comments