MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0182b6df116ea6b7537bd843fed4828efdb5057b601844e1e95bead492436186. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4

SHA256 hash: 0182b6df116ea6b7537bd843fed4828efdb5057b601844e1e95bead492436186
SHA3-384 hash: fdb9af232dd424b7188d873f13d6d155909282c44376d0354906796c05533ea2b007a72d4b4ab398b52872fb61f843c6
SHA1 hash: e061d16ae1b3ecc58ada37025866c5b2ee0adb8a
MD5 hash: 950e1390092ce15738f8fd0a34af1378
humanhash: mars-muppet-venus-robert
File name: OlympOfReptilesGame.data
Signature: RedLineStealer
File size: 1'781'319 bytes
First seen: 2023-07-06 17:26:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:T+t7SAbCVxciryyObSoN4V5jlx4HFHngOus:TEpCVeiyN9N65jEHJNB
TLSH: T1F885AB35F0593662F84DCAB405F02DB403F66D75123B07C822BA395F96A7E6CAB64E34
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: iamdeadlyz
Tags: OlympOfReptiles RedLineStealer zip


Iamdeadlyz
Fake Blockchain Games Deliver RedLine Stealer & Realst Stealer - A New macOS Infostealer Malware
https://iamdeadlyz.gitbook.io/malware-research/july-2023/fake-blockchain-games-deliver-redline-stealer-and-realst-stealer-a-new-macos-infostealer-malware

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: SG
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: OlympOfReptilesGame.bin
File size: 1'160'229'328 bytes
SHA256 hash: 7ba7f029b89f05033c24e08bc085d20d6fb42e7c8f11b07d028dbb133f64af12
MD5 hash: 1b6fa8ea139c3572529f28b0d43266ba
MIME type: application/octet-stream
Signature: RedLineStealer
Vendor Threat Intelligence
Result
Verdict:
Malicious
File Type:
ZIP File - Malicious
Behaviour
SuspiciousEmbeddedObjects detected
Gathering data
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: weird_zip_high_compression_ratio
Author: Maxime THIEBAUT (@0xThiebaut)
Description: Detects single-entry ZIP files with a suspiciously high compression ratio (>100:1) and a decompressed size above the 500 MB AV scan limit
Reference: https://twitter.com/Cryptolaemus1/status/1633099154623803394
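The rule above matches this sample because a 1'781'319-byte archive expands to a single 1'160'229'328-byte file, roughly 651:1, which is large enough that many scanners skip inflating it. The check can be reproduced outside YARA by reading the ZIP central directory alone, so the archive is never inflated on the analysis box. The code below is an added example written for this page, not MalwareBazaar's or the rule author's code. It applies the rule's three conditions (one entry, ratio above 100:1, decompressed size above 500 MB) to header fields, adds a capped streaming inflate for the case where the header lies about the real size, and builds its own constructed padded sample in memory; the entry names and payload bytes are invented for illustration. The on-page size is the whole archive rather than the entry's compress_size, so the ratio computed from those numbers is approximate.

```python
import io
import os
import zipfile

# Thresholds taken from the rule description on this page: a single-entry
# archive whose decompressed size exceeds the 500 MB AV scan limit at a
# compression ratio above 100:1.
RATIO_THRESHOLD = 100.0
SIZE_THRESHOLD = 500 * 1024 * 1024


def flag_by_sizes(entries, compressed, uncompressed,
                  ratio_threshold=RATIO_THRESHOLD, size_threshold=SIZE_THRESHOLD):
    """Apply the rule's three conditions to header-level numbers."""
    ratio = uncompressed / compressed if compressed else float("inf")
    return {
        "entries": entries,
        "compressed": compressed,
        "uncompressed": uncompressed,
        "ratio": ratio,
        "suspicious": entries == 1
        and ratio > ratio_threshold
        and uncompressed > size_threshold,
    }


def inspect_zip(data, ratio_threshold=RATIO_THRESHOLD, size_threshold=SIZE_THRESHOLD):
    """Read only the central directory; nothing is inflated."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    return flag_by_sizes(
        len(infos),
        sum(i.compress_size for i in infos),
        sum(i.file_size for i in infos),
        ratio_threshold,
        size_threshold,
    )


def inflated_size(data, cap):
    """Stream-inflate the first entry and stop at `cap` bytes, so a header
    that lies about file_size (or an outright zip bomb) cannot exhaust memory.
    Returns the number of bytes actually produced, at most `cap`."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        with zf.open(zf.namelist()[0]) as fh:
            while total < cap:
                chunk = fh.read(min(1 << 20, cap - total))
                if not chunk:
                    break
                total += len(chunk)
    return total


def make_zip(entries):
    """Constructed sample builder: {name: bytes} -> deflated ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def make_padded_sample(pad=8 * 1024 * 1024):
    """Constructed sample: a tiny fake executable followed by `pad` zero bytes,
    the padding pattern the rule targets (zeros deflate to almost nothing).
    Entry name and payload are invented, not taken from the real sample."""
    return make_zip({"padded.bin": b"MZ" + b"A" * 100 + b"\x00" * pad})


if __name__ == "__main__":
    # Numbers from this page: whole archive size vs. the single inner file.
    print(flag_by_sizes(1, 1781319, 1160229328))
    sample = make_padded_sample()
    # Lowered size threshold so the 8 MiB constructed sample trips the rule.
    print(inspect_zip(sample, size_threshold=1024 * 1024))
    print("inflated up to cap:", inflated_size(sample, cap=2 * 1024 * 1024))
```

For triage, run inspect_zip over the archive first; only if the header numbers look plausible should the capped inflate be used to confirm them, and the cap should be set to what the sandbox can afford rather than to what the header claims.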

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Relationships (parent, this sample, dropped files):

Dropped by: SHA256 00ac5235afdd1c22b8a28d2f5cbfbf9d5127680d8991cf21abc035222d0a0613 (RedLineStealer)
This sample: zip 0182b6df116ea6b7537bd843fed4828efdb5057b601844e1e95bead492436186
Dropping: SHA256 7ba7f029b89f05033c24e08bc085d20d6fb42e7c8f11b07d028dbb133f64af12
Dropping: SHA256 6b9adb9e33519440e79d13f75d2ffa1a27cd9e419f75c069c0dd0d242b6184f4

Delivery method: Distributed via web download

Comments