MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f94938c13745765675f9ef82615eae42abb6616c6534cfac893d1e31ebc98d92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f94938c13745765675f9ef82615eae42abb6616c6534cfac893d1e31ebc98d92
SHA3-384 hash: 86ab2688739e07cd76bc5f82cf70199dae87d16845654b1cb9620919ff4c5c522f65afdeabc9a09d4d5dbe29a2fefa72
SHA1 hash: 39a47363f7c356e2ca59cda93d70648f05aeee5a
MD5 hash: e8290bce2e0f4ab301d7cba6c450b0ea
humanhash: bulldog-delta-carpet-oranges
File name:Proforma Invoice CINV2021000000000231TRN #10003892780000101 remittance swift copy.pdf.r17
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:364'049 bytes
First seen:2021-07-14 14:51:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Pnv5CPebpcK1yGI5Wvp1VYqV1OjiMQvOZd5M6O+VaXJfDJfvR4OhTlfIOhFDLcKp:PnBjpcK1dI5op1WCAi/OO+Q5rJHaWSOR
TLSH T1F174235F1E62A6A231E94F962B059F85CC5FCDDCA13D003EF377254BA394760AA04E83
Reporter cocaman
Tags:INVOICE r17 rar RedLineStealer SWIFT


Avatar
cocaman
Malicious email (T1566.001)
From: "Ramis Liebregts <sales12@ceaworld.com>" (likely spoofed)
Received: "from ceaworld.com (unknown [2.56.59.68]) "
Date: "14 Jul 2021 16:12:12 +0200"
Subject: "FW: Proforma Invoice CINV202100038927800003"
Attachment: "Proforma Invoice CINV2021000000000231TRN #10003892780000101 remittance swift copy.pdf.r17"

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f94938c13745765675f9ef82615eae42abb6616c6534cfac893d1e31ebc98d92/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-14 14:52:06 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7fetrqjxiv3fm5pz56bgcxvoikv3mylmmu2m7lejhupdd26jrwja._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210714-4wsxbs8f7a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
DYEPACK
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f94938c13745765675f9ef82615eae42abb6616c6534cfac893d1e31ebc98d92

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

rar f94938c13745765675f9ef82615eae42abb6616c6534cfac893d1e31ebc98d92

(this sample)

RedLineStealer

Executable exe cce5e27d0906d99ceba84cc364183e5c63f9cca22c1ad80baa38bc58ff48f550

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cce5e27d0906d99ceba84cc364183e5c63f9cca22c1ad80baa38bc58ff48f550

Comments