MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd6f5ba78e9edefb88bf74e98c5e6bb96ba10d0a81b6f347a702891168ada961. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RedLineStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd6f5ba78e9edefb88bf74e98c5e6bb96ba10d0a81b6f347a702891168ada961
SHA3-384 hash: 0d2a2a9eb0aebc9850f5adffc27c07999e1de49fc4fc7e10f19e094590a901531b1c9b8770d6d829757712e53b572468
SHA1 hash: 188fbe916ace3bd45a1fd44554cd65d165b9b649
MD5 hash: 81dcb9edaafb18d391670d06f722d266
humanhash: hawaii-oxygen-foxtrot-december
File name:SWIFT.docx.cab
Download: download sample
Signature RedLineStealer
Create hunting rule
File size:604'671 bytes
First seen:2021-01-19 07:34:31 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:BO5ZGUMZrWbJLUqkKXZnD9SgjvBrY3soS/XgKmsai7zHMvnIK4l2mK0GL:TUrtr1XZVbBkR7kLMvIVKxL
TLSH 8ED423529EC145CAB9E952326DB73E06FE01AF46C6911F8B209C3C2CB3050B67E6793D
Reporter abuse_ch
Tags:cab


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.vasl.ir
Sending IP: 95.217.69.227
From: ProCredit Bank a.d. <info@borbet.sk>
Subject: Fwd: SWIFT
Attachment: SWIFT.docx.cab (contains "SWIFT.docx.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd6f5ba78e9edefb88bf74e98c5e6bb96ba10d0a81b6f347a702891168ada961/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-19 07:34:45 UTC
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7vxvxj4ot3ppxcf7otuyyxtlxfv2cdikqg3pgr5hakerc2fnvfqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd6f5ba78e9edefb88bf74e98c5e6bb96ba10d0a81b6f347a702891168ada961

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RedLineStealer

cab fd6f5ba78e9edefb88bf74e98c5e6bb96ba10d0a81b6f347a702891168ada961

(this sample)

RedLineStealer

Executable exe 4990b0164b660d9e8966fb35fc3d5f4f30b42c7e3861a14fc9255075b129c86e

  
Dropping
MD5 d2c3d087707686a60ee673ca17a13537
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4990b0164b660d9e8966fb35fc3d5f4f30b42c7e3861a14fc9255075b129c86e

Comments