MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 210335383268c66bfdcb0f2b03dd957b33f79b171a81376851fcf95c28e0ddec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
RedLineStealer
Vendor detections: 4
| SHA256 hash: | 210335383268c66bfdcb0f2b03dd957b33f79b171a81376851fcf95c28e0ddec |
|---|---|
| SHA3-384 hash: | 701ebf464e58a1b71797ec69c8b475a1e44c76bb369656a0799430f3ae3429c8706eb12ddfe4591622f7c8a07af1def7 |
| SHA1 hash: | 8f827b16ab443ff42c436bc88491ac7c13f1eead |
| MD5 hash: | 2e241cad474ac5b261b57ecfc330ff04 |
| humanhash: | table-carpet-mirror-washington |
| File name: | Xeonus.rar |
| Download: | download sample |
| Signature | RedLineStealer |
| File size: | 3'269'241 bytes |
| First seen: | 2022-11-10 17:36:05 UTC |
| Last seen: | Never |
| File type: | rar |
| MIME type: | application/x-rar |
| Note: | This file is a password protected archive. The password is: XeonusWallet2022 |
| ssdeep | 49152:e1QWH5u5IcOsrN4Miqpygqmtu/jKmFYeqlxJYNNwINPR0onDJVJZXjkk4fZzdNb:0Q65ukMi/+u7KmFYeMgNxJptnek4f3Nb |
| TLSH | T198E533EBA01D0D1B9626D30AEE439CE29B65DBD8D8A00717B54B06CCA7B0A50F74DD36 |
| TrID | 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1) |
| Reporter |  iamdeadlyz |
| Tags: | exe file-pumped pw XeonusWallet2022 rar RedLineStealer XeonusWallet |
Indicators Of Compromise (IOCs)
Below is a list of indicators of compromise (IOCs) associated with this malware samples.
| IOC | ThreatFox Reference |
|---|---|
| 167.235.233.35:16621 | https://threatfox.abuse.ch/ioc/842482/ |
Intelligence
File Origin
# of uploads :
1
# of downloads :
242
Origin country :
n/a
File Archive Information
This file is a password protected archive. The password is: XeonusWallet2022
This file archive contains 46 file(s), sorted by their relevance:
| File name: | Polygon.png |
|---|---|
| File size: | 743 bytes |
| SHA256 hash: | 256b5f81cd1c7a67af248dbb4732e9999a2dffeeb57006b8e240a1166a085763 |
| MD5 hash: | 594c0ff8175c83a55b119627c8902612 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | bg.pak |
|---|---|
| File size: | 611'079 bytes |
| SHA256 hash: | 67413b0b90b6646c4a584ca786a35aec7b4926fd4007e75d9196c944b46df02f |
| MD5 hash: | 03bdb0153929f96ad9ac8bad7201de71 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | he.pak |
|---|---|
| File size: | 469'838 bytes |
| SHA256 hash: | 2b623033889cea25d2a8a99e275bf6e21489b33f8dd5db97c6572bf1106f6e60 |
| MD5 hash: | 61a11f620e56056ee7e08535dd4f0f05 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | en-GB.pak |
|---|---|
| File size: | 300'650 bytes |
| SHA256 hash: | 186b697cfc4718c9ba3c6896671ef56d776cdf30f7212a061f8b2a6203b9bac3 |
| MD5 hash: | ca79f7e2286ea036b80cacd634233731 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | libssl-1_1-x64.dll |
|---|---|
| File size: | 702'056 bytes |
| SHA256 hash: | 4ef79023f175904cce3bbadb13c879a5b1a89b4ba29c5587258afea91291a756 |
| MD5 hash: | dc3ac8e946811e69edd14045804e2c01 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | Optimism.png |
|---|---|
| File size: | 540 bytes |
| SHA256 hash: | c0d12479ab6609f60df60123b43ac82573fdd426e8bf9853db2724640ab359d2 |
| MD5 hash: | ed3f25385763dfa6d50ad83fcb67291c |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | XeonusWallet.exe |
|---|---|
| Pumped file | This file is pumped. MalwareBazaar has de-pumped it. |
| File size: | 666'000'000 bytes |
| SHA256 hash: | 57d32dfb1776790c7e0bf5be4e8a930078b242c5c023cb69655bbb4f83ec91ef |
| MD5 hash: | a6b6e62a696aac7be29defb0b0c7f5c6 |
| De-pumped file size: | 1'864'704 bytes (Vs. original size of 666'000'000 bytes) |
| De-pumped SHA256 hash: | 711e2cc9177883ae471f21f0d8e92fab20fb7be70b5e7e8df0465d2e22525eb0 |
| De-pumped MD5 hash: | 5476e49c37087f27e4246f11ff002986 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | ws_com.dll |
|---|---|
| File size: | 430'512 bytes |
| SHA256 hash: | 90aafb599fc95d1bc14195292cc5899300154b7b522c2041b853c4f165ebe789 |
| MD5 hash: | 4f82a0a90a57be3ada6eefdfef76209a |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | de.pak |
|---|---|
| File size: | 368'726 bytes |
| SHA256 hash: | 17b98abe332a2ee7d36e637b473742df9b3dbe0984e0b7380c547135601bdddc |
| MD5 hash: | d16a67c02f9cdb288e7ec3399994a33c |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | ar.pak |
|---|---|
| File size: | 574'261 bytes |
| SHA256 hash: | 9274d60eddc28a261943258fa644587c4586e91c4bc415346f0b79b20676ada8 |
| MD5 hash: | 2af71e74a1aae789fb3c7cfe1aec91ab |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | RELEASES |
|---|---|
| File size: | 79 bytes |
| SHA256 hash: | 01562e61a262728653ad60cc126c062786dca1d5a2022b92912e62e110212c70 |
| MD5 hash: | 2fabe211a02d5a45697db82e483a3eba |
| MIME type: | text/plain |
| Signature | RedLineStealer |
| File name: | am.pak |
|---|---|
| File size: | 532'161 bytes |
| SHA256 hash: | 90e20a4038078ad45374ef843b405aeb62e954e1910adb3537c794055b8f2ace |
| MD5 hash: | aed56748fb15ca4c96e4550051b460cc |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | Aurora.png |
|---|---|
| File size: | 650 bytes |
| SHA256 hash: | 16abd60b8f2fd7e02a734be780e352fa112c1cec5d97b7733ac4e8fb41261742 |
| MD5 hash: | bd81c89ee8f93ce7ef5247ca1f925b0b |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | hi.pak |
|---|---|
| File size: | 789'419 bytes |
| SHA256 hash: | 056db0cc0ec69f6ee09b46ab20ec8f24368b872c2e2334744a77c4aa811c9e2d |
| MD5 hash: | 551e17fdf75742ec3363fe6d08e6b27e |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | 62602cfe0129a12547ca7ca0_Backed by the best2.png |
|---|---|
| File size: | 1'997 bytes |
| SHA256 hash: | 756137b0597054dcf2414da443d2120bbfea51387b2a195b446197c929989f1b |
| MD5 hash: | 73fa9b785dbb8216e0a960c6b7d6ee14 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | Fantom.png |
|---|---|
| File size: | 574 bytes |
| SHA256 hash: | cfe07a9e96b42efc022824dd516ea367186ea77d323fe6e918ef43b650cc3b15 |
| MD5 hash: | 1326187fb3e8d0d7aa160f450e635cb5 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | 2.png |
|---|---|
| File size: | 2'787 bytes |
| SHA256 hash: | 3e2d2bb16af37eda2bb241ce3f15b9e9fecd3a7177096bcaba682a708304fa14 |
| MD5 hash: | 58331baa80e1c18de7eca34889ce701e |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | Avalanche.png |
|---|---|
| File size: | 664 bytes |
| SHA256 hash: | 651a72ba0fe1b23dd3e5ecc9b4ecfffe266228c2dda30130a870f58f68f440d8 |
| MD5 hash: | ffc04a38862eace2f60a9293bc832936 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | snapshot_blob.bin |
|---|---|
| File size: | 411'024 bytes |
| SHA256 hash: | bfccea28f0202a963449ddabfe210182b03c2b58833742d388f0e6eec3ad78e3 |
| MD5 hash: | 98b334e57cd2b6f0477a075b745454aa |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | open_source_licenses.txt |
|---|---|
| File size: | 58'852 bytes |
| SHA256 hash: | 16b3ec6a26e7ddb0f58c3c0315f80052daf425cecda2a7b5f2db7c3b5f8ae0ce |
| MD5 hash: | 0f0f5ef9654d98adbb19cd23820b6b18 |
| MIME type: | text/plain |
| Signature | RedLineStealer |
| File name: | bn.pak |
|---|---|
| File size: | 783'768 bytes |
| SHA256 hash: | 6e2470842ff95bbe09cead9d1e22c15ee73231448fe6968a8d6f2d74e7c59178 |
| MD5 hash: | fbe7dc2b6bf403cde758eb515b7d4b8a |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | 3.png |
|---|---|
| File size: | 1'854 bytes |
| SHA256 hash: | c14cfe8969bfd9d7c0584c180bc7fa75d5ddc99c080f7e1778b4a39997b1479b |
| MD5 hash: | 1d8da5f00273bc1c7f537886cf9dc736 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | en-US.pak |
|---|---|
| File size: | 303'030 bytes |
| SHA256 hash: | c4a2c6a90945868a02ad14b3a994e94b123981d56190bd34cc3cb14f31f2270b |
| MD5 hash: | a2ed0e17819c287b824cae5c0ac03af7 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | Ethereum.png |
|---|---|
| File size: | 722 bytes |
| SHA256 hash: | f3d6f816fbe950cebf4c54e643015978484aea9d8011f034d73967f8b8a88633 |
| MD5 hash: | 6c1f24ff25878e08853e495c0852bb89 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | da.pak |
|---|---|
| File size: | 343'427 bytes |
| SHA256 hash: | e211fed5abd72cfb641333414b4b2ae5f32bc59151d863e9cbe038a5d8390952 |
| MD5 hash: | 7222ed24c57c7f033681f6b563205e3f |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | 4.png |
|---|---|
| File size: | 1'562 bytes |
| SHA256 hash: | c38e9486b18d00ef2a4f64fd79215ee01c220a834b9693dee172babe1a4d455b |
| MD5 hash: | 4caae15967c0ef2e21f114d8206a4a8f |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | 62602cfea2787f4cf837978a_Backed by the best3.png |
|---|---|
| File size: | 2'713 bytes |
| SHA256 hash: | d84fb92dae1cbea5384f73b50daf0208eb222d90a5aa9c188e60258c6bb1314b |
| MD5 hash: | 7ad6c77ce4b4defb7b68f33f4526b13a |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | 1.png |
|---|---|
| File size: | 4'084 bytes |
| SHA256 hash: | 18a5b694b16449847a5c6f26d351c1db789a3dbf1df6665e2392352fbf1cfa68 |
| MD5 hash: | 79c4c58db6a518e7f03e2b1eac9b2bf5 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | cs.pak |
|---|---|
| File size: | 378'805 bytes |
| SHA256 hash: | 9f53df9c3e5658f7b9dec9900a671e06ad83601a59029fea0a195893049c5feb |
| MD5 hash: | 146aac893ae2282cd6f155c7e4246734 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | v8_context_snapshot.bin |
|---|---|
| File size: | 733'672 bytes |
| SHA256 hash: | 83031cb1ea99bd520eeb4e29683077163ed4359769d84bb78d373475fb95b1cc |
| MD5 hash: | 25727ffbdf9cc388e7cce38bbfbdb62a |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | libpkcs11-helper-1.dll |
|---|---|
| File size: | 113'256 bytes |
| SHA256 hash: | 8561948a5dd03b180376ec94a703b5d8d7bae05c671d65cf581e9bdd96911c82 |
| MD5 hash: | 749d553a6e40f5dc0787913f0b1967a0 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | libEGL.dll |
|---|---|
| File size: | 473'568 bytes |
| SHA256 hash: | 67579b513451065e2b2f294af45520cfabf1cf0579542597d88572082fad1fc8 |
| MD5 hash: | c758fbe02e7a8a6fc43f7eafb300bb18 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | ca.pak |
|---|---|
| File size: | 372'017 bytes |
| SHA256 hash: | 28dcc1c37459d9f7e450dbc94cde73eea2ec100f9e2d5729d9a34ae514e40f4d |
| MD5 hash: | 9d2bec9781804347bbfc98b0168e5fee |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | photo_2022-10-14_02-16-42.jpg |
|---|---|
| File size: | 7'405 bytes |
| SHA256 hash: | 3ab83f2793593b2baae5ee155ac180312f80cf014d75211b00406ae2debab971 |
| MD5 hash: | 7dec186fd82a80767adb67063af37dd0 |
| MIME type: | image/jpeg |
| Signature | RedLineStealer |
| File name: | af.pak |
|---|---|
| File size: | 328'679 bytes |
| SHA256 hash: | 0dc74a936d57a465f877030f5c91d2e5e22c2e2af3c8733c96238955f2f18cbc |
| MD5 hash: | 17e95507f1fa28c93fdb16462c5b520f |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | chrome_200_percent.pak |
|---|---|
| File size: | 179'318 bytes |
| SHA256 hash: | d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc |
| MD5 hash: | 3bab45c70f22646cf8452c30903810cb |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | el.pak |
|---|---|
| File size: | 665'869 bytes |
| SHA256 hash: | 30acee7ec34d80bdda42f505a81c8a9a9ac24cb881f92ec6600d4f23cef2756b |
| MD5 hash: | 3137c0e418547ea635d56d95bcc77f4d |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | Gnosis Chain.png |
|---|---|
| File size: | 827 bytes |
| SHA256 hash: | a56088aca96f7441ff572c620f9d7c7c835e2a9f2bc11fc834096560fccf236f |
| MD5 hash: | f4484e0cab9033d24556c8f13692adb4 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | photo_2022-10-14_02-29-29.jpg |
|---|---|
| File size: | 8'350 bytes |
| SHA256 hash: | c4e727c5c49ce757c67af6949b194ba459976bbbeeadbb4d8e370f8a97ce9683 |
| MD5 hash: | 042f9b92570cec48db9e6dce269386bb |
| MIME type: | image/jpeg |
| Signature | RedLineStealer |
| File name: | favicon-32x32.png |
|---|---|
| File size: | 417 bytes |
| SHA256 hash: | f4ad8eb4a2e9349a3ad69ec1f9de145030ca4e28a108fef1536782e38c0c53a0 |
| MD5 hash: | f6cd86b1d1d00eff815c2800cb5aad31 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | 62602cfe961e2ff281772b44_Backed by the best1.png |
|---|---|
| File size: | 2'383 bytes |
| SHA256 hash: | 42d586f6fb06a47a300a0af12c7c2b35e6609605dc2d5c1b055edb2fd24ecc57 |
| MD5 hash: | 075888271e40b3f7880dd6dce4698f94 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | Button_1.png |
|---|---|
| File size: | 732 bytes |
| SHA256 hash: | 959d9edc17d30b24a824327973986e9dc429db2b39fb6027ef8fbca8839bc925 |
| MD5 hash: | 8a879b589d2736eb028e951c6157cfe2 |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | chrome_100_percent.pak |
|---|---|
| File size: | 129'228 bytes |
| SHA256 hash: | 662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0 |
| MD5 hash: | a3d4515d3a33a407d313a62818e82a5d |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | Arbitrum.png |
|---|---|
| File size: | 1'029 bytes |
| SHA256 hash: | 9a1508274047ad4e2e47babdc026134b881b924967a168221b333f1ea7e0f518 |
| MD5 hash: | f2a1694fa8125c2c7c400e920bcd7e2d |
| MIME type: | image/png |
| Signature | RedLineStealer |
| File name: | libssl-1_1.dll |
|---|---|
| File size: | 548'456 bytes |
| SHA256 hash: | d4df1cf9727e71e3ea03c0b11e3999dbb2c3b97f3e053c9ac823747d37396db8 |
| MD5 hash: | b459dc62cea3b9864bf3b23043ecdbc1 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | LICENSE |
|---|---|
| File size: | 1'096 bytes |
| SHA256 hash: | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| MD5 hash: | 4d42118d35941e0f664dddbd83f633c5 |
| MIME type: | text/plain |
| Signature | RedLineStealer |
Vendor Threat Intelligence
Gathering data
Result
Verdict:
UNKNOWN
Detection(s):
Suspicious file
Result
Malware family:
redline
Score:
10/10
Tags:
family:redline botnet:xeonusexeddddd infostealer spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
RedLine
Malware Config
C2 Extraction:
167.235.233.35:16621
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Redline
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
RedLineStealer
rar 210335383268c66bfdcb0f2b03dd957b33f79b171a81376851fcf95c28e0ddec
(this sample)
57d32dfb1776790c7e0bf5be4e8a930078b242c5c023cb69655bbb4f83ec91ef
Dropping
SHA256 57d32dfb1776790c7e0bf5be4e8a930078b242c5c023cb69655bbb4f83ec91ef
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.