MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2485977c38ae2c0eb6bf21bf2170725924aa749e6c397f7230de7d6cf2d83287. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedLineStealer
Vendor detections: 3

SHA256 hash: 2485977c38ae2c0eb6bf21bf2170725924aa749e6c397f7230de7d6cf2d83287
SHA3-384 hash: e692c9f02208d87e3044bfe211c3063a69cf25f23fdecfb91a4916401d59921a98c92c85d58e9a12e54925868518bcfe
SHA1 hash: cb906b94d0c45c04f71218eba46190081dd8942e
MD5 hash: 283979dc33c411a9e75ec5d4c0214bf1
humanhash: zebra-victor-eighteen-hydrogen
File name: MetaLauncher.zip
Signature: RedLineStealer
File size: 5'459'882 bytes
First seen: 2022-10-17 06:11:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password-protected archive. The password is: 18881
ssdeep: 98304:Of+81uWPOhRYkZW0eh7/P5BfOkbcuKjSSvatI:Ofv1uWPI8Z7BkS2atI
TLSH: T1774633AE79B30D3479342B2CB28EC1EE852770516EFE4179D87601B2A4B5934BCD1DCA
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: iamdeadlyz
Tags: exe FakeMetaRun file-pumped MetaRacers pw-18881 RedLineStealer zip


Iamdeadlyz
From metaracers.win (impersonation of metaverserun.io)
Password: 18881
RedLine Stealer C&C: 185.106.93.212:5616

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC | ThreatFox Reference
185.106.93.212:5616 | https://threatfox.abuse.ch/ioc/891575/

Intelligence

File Origin
# of uploads: 1
# of downloads: 240
Origin country: n/a
File Archive Information

This file archive contains 40 file(s), sorted by their relevance:

Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malware family: RedLineStealer
Sample: zip 2485977c38ae2c0eb6bf21bf2170725924aa749e6c397f7230de7d6cf2d83287 (this sample)
Delivery method: Distributed via web download
Dropping: SHA256 2B74C16506089E7B924665F6B6995DAEC9304EE9FAF8D32A149FE5EB4799CBCC

Comments