MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa8cba48b12a40e6dd1c4e995dee238edd6e74bec1950366b8ccf6f46b263382. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa8cba48b12a40e6dd1c4e995dee238edd6e74bec1950366b8ccf6f46b263382
SHA3-384 hash: 99a5b9ade3fd1493f8473b52774440b9b85e351fce7b49fbaaa27c147112f926811bbf64743ad91a94efa691fbf71a47
SHA1 hash: 94eb05c86743833fe9f44f31ca50667cb53dec1d
MD5 hash: b28f6da8dc0283c0b1c8e808d51dd01b
humanhash: river-arizona-fix-mike
File name:b28f6da8dc0283c0b1c8e808d51dd01b.exe
Download: download sample
File size:848'896 bytes
First seen:2023-08-31 06:24:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 24576:OyDUWp+/UYaT9yDRun3P2FDGE4qWKwxnX:dHQUB9Won3eN
TLSH T1FE052217E7D59232ECB5137098F7279303317D62A97C96673B4291A80D726C4A4323BF
TrID 70.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
11.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
5.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
3.7% (.EXE) Win64 Executable (generic) (10523/12/4)
2.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
297
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/445433/
Detection(s):
Sanesecurity.Malware.28840.BadO.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Agent.EAOQ.26295.2066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
advpack anti-vm CAB control explorer installer lolbin packed rundll32 setupapi shell32
Link:
https://www.filescan.io/uploads/64f032427444d2eb09f3e213/reports/acdbfae0-a6ee-40bb-a182-0efeca658cf2/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/fa8cba48b12a40e6dd1c4e995dee238edd6e74bec1950366b8ccf6f46b263382
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4b657771-dcdb-4c16-af82-88ef2454408e
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1300849
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa8cba48b12a40e6dd1c4e995dee238edd6e74bec1950366b8ccf6f46b263382/
Threat name:
Win32.Trojan.Synder
Create hunting rule
Status:
Malicious
First seen:
2023-08-30 23:14:18 UTC
File Type:
PE (Exe)
Extracted files:
59
AV detection:
11 of 38 (28.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7kglusfrfjaonxi4j2mv33rdr3ow45f6ygkqgzvyzt3pi2zggoba._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230831-g6mc2sdf74/
Unpacked files
SH256 hash:
fa8cba48b12a40e6dd1c4e995dee238edd6e74bec1950366b8ccf6f46b263382
MD5 hash:
b28f6da8dc0283c0b1c8e808d51dd01b
SHA1 hash:
94eb05c86743833fe9f44f31ca50667cb53dec1d
Link:
https://www.unpac.me/results/6442297a-fb26-4fa0-886f-29832db98735/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fa8cba48b12a40e6dd1c4e995dee238edd6e74bec1950366b8ccf6f46b263382

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:detect_Redline_Stealer
Create hunting rule
Author:Varp0s

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fa8cba48b12a40e6dd1c4e995dee238edd6e74bec1950366b8ccf6f46b263382

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/445433/
  
URLhaus
https://urlhaus.abuse.ch/url/2705872/
  
Delivery method
Distributed via web download

Comments