MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5eab59869728c98ff7d30af4033958c5da68d2403dfdbbeecb0c2cc03f69712f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
RedLineStealer
Vendor detections: 5
| SHA256 hash: | 5eab59869728c98ff7d30af4033958c5da68d2403dfdbbeecb0c2cc03f69712f |
|---|---|
| SHA3-384 hash: | c6e1736c20699ce8020fdcce4ba840b5cfeddc04a2fc4908ab1da97a0c9dedd56d5e9cc027e0fc1af1bfff12b19bee1e |
| SHA1 hash: | 06b7999d636c22847a3f122f325f085ffb577b42 |
| MD5 hash: | 26cd0ff7a3b8e92ce4b1f755870649bd |
| humanhash: | stairway-louisiana-quebec-cat |
| File name: | meta_build.zip |
| Download: | download sample |
| Signature | RedLineStealer |
| File size: | 17'476'855 bytes |
| First seen: | 2023-02-14 13:24:33 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 393216:678rooP9xCnJ8BEolVBj+IyduT38zTku2aWfpuyjc9:BrfP9YnejbyY38zTkLw9 |
| TLSH | T163072329F46632B1E84DCAF005F00DA403E56DB1236B9BC423B9365F967BE6DDA74930 |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter |  iamdeadlyz |
| Tags: | 201-184-48-82 crashreportcdn-dot-com exe RedLineStealer SpacePearl zip |
Iamdeadlyz
From spacepearl.io (fake P2E game - plagiarised contents from multiple sources - fake team)Contains 4e2201550f99defa680ab58ced545a76b5b555f779f3478b13f556d35d5e186c (persistence - startup folder)
RedLineStealer C&C: 201.184.48.82:40239
Malicious traffic to C&C: crashreportcdn.com
Intelligence
File Origin
# of uploads :
1
# of downloads :
219
Origin country :
n/a
File Archive Information
This file archive contains 1 file(s), sorted by their relevance:
| File name: | meta_build.exe |
|---|---|
| File size: | 800'395'264 bytes |
| SHA256 hash: | 4e2201550f99defa680ab58ced545a76b5b555f779f3478b13f556d35d5e186c |
| MD5 hash: | 5c2e633777101b7ee091fb974bd551ad |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
Vendor Threat Intelligence
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
large-file packed packed
Result
Verdict:
MALICIOUS
Link:
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
7/10
Tags:
spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops startup file
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
File information
The table below shows additional information about this malware sample such as delivery method and external references.
253e3a339c2aa3b7beae2b01862658882839e2d0a9bcd374cfa64c6222065e71
RedLineStealer
zip 5eab59869728c98ff7d30af4033958c5da68d2403dfdbbeecb0c2cc03f69712f
(this sample)
4e2201550f99defa680ab58ced545a76b5b555f779f3478b13f556d35d5e186c
Dropped by
SHA256 253e3a339c2aa3b7beae2b01862658882839e2d0a9bcd374cfa64c6222065e71
Dropping
SHA256 4e2201550f99defa680ab58ced545a76b5b555f779f3478b13f556d35d5e186c
Dropping
SHA256 5992a0c63d7128b587c3a8c7a06b70f4136bd6fceea7fc420a664b33c08ecb83
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.