MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03022ec247910297d50399fe181651318c066349768a1775743ef603961bebc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer

Vendor detections: 4



SHA256 hash: 03022ec247910297d50399fe181651318c066349768a1775743ef603961bebc9
SHA3-384 hash: 8e6ddbcf029f65eedd43082a4fd2c808837d426bfcd752dc906769b77f824ce0ce61732146d58049f9407aeba2ae6a2b
SHA1 hash: 52fbbed730545ba202e8a83fb0a9a3b3974589d0
MD5 hash: 8de2d061ba5e04e2c48e4dd8db48837a
humanhash: pennsylvania-three-emma-bacon
File name: mod menu gta 5.rar
Signature: RedLineStealer
File size: 631'326 bytes
First seen: 2024-01-03 08:41:40 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: 2023
ssdeep: 12288:lV22s1EMXrGlNR/dTuOkTP+ywh1PciFAFeYr5P5oCA6oueb:lg2s1EgYR/RkTPY1ciEeY/odb
TLSH: T191D423D9907E076C8603513B92C0A52C9FC07A8E511FA55E98D3C581F0897AF5BA7BF3
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: tcains1
Tags: file-pumped pw-2023 rar RedLineStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 125
Origin country: US
File Archive Information

This file archive contains 7 file(s), sorted by their relevance:

File name: menu.lua
File size: 1'703 bytes
SHA256 hash: acf758af407c17087f330e3b7c2f35f71a28459f1ab3ef6e6cc5bd48bdba8e9e
MD5 hash: df7647aa14ed779a76d1f41cea46a3ce
MIME type: text/plain
Signature: RedLineStealer

File name: remote_settings.ini
File size: 21 bytes
SHA256 hash: 708abf78a522f7487b43835002a78f3d886c039d77c04ee604af6b2b93083972
MD5 hash: 7dc38bdd20ae429df054bb3884ac557e
MIME type: text/plain
Signature: RedLineStealer

File name: demo.lua
File size: 152 bytes
SHA256 hash: dfacebf1e9be3ab1597f9b101a82ebba25dfce5f5037cd00cbe5643968e25007
MD5 hash: 0b8d78a47f9644b05ba7492bae032982
MIME type: text/plain
Signature: RedLineStealer

File name: config.json
File size: 3'159 bytes
SHA256 hash: 8c8718fcf10c614f23a0e6470b855b51354fb546236d8b968aeb82dc5c9bc572
MD5 hash: 1ba52e4b697e2decf6b23f34ac94acdb
MIME type: application/json
Signature: RedLineStealer

File name: Read before installing.txt
File size: 729 bytes
SHA256 hash: 4d1100e6ba8ef8955ec713946caaa60dda8ec85c9f5e80de782d39d2ae7282ea
MD5 hash: ff08a294ca76882eef4602fdf09e4899
MIME type: text/plain
Signature: RedLineStealer

File name: Readme.api
File size: 11'503 bytes
SHA256 hash: affa78642afe926d832399724020df03e50603aae294e2684f6e26801dbe4bdf
MD5 hash: 53b20b757f9354b67280b941c9d32aaf
MIME type: text/plain
Signature: RedLineStealer

File name: modest-menu.exe
File size: 402'944 bytes
SHA256 hash: 39ed0691e8683af93298ef48d1652a8bd774fd6d47813a75fe4f921a479036eb
MD5 hash: f821c797818d704df449f7f6d843ebf0
MIME type: application/x-dosexec
Signature: RedLineStealer
Vendor Threat Intelligence
Verdict: MALICIOUS
Malware family: redline
Score: 10/10
Tags: family:redline botnet:@mass1vexdd brand:microsoft discovery infostealer phishing spyware stealer

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
RedLine
RedLine payload

Malware Config
C2 Extraction: 45.15.156.167:80

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RedLineStealer
rar 03022ec247910297d50399fe181651318c066349768a1775743ef603961bebc9 (this sample)

Delivery method
Distributed via web download
