MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
RedLineStealer

Vendor detections: 7

SHA256 hash: 7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f
SHA3-384 hash: 867500add1f28c38045e2285cb39a6d7fc05b9bdbd3d1b5442f13f71f6cf17ce23d9a0e38316c8bc10025e8f7a48006c
SHA1 hash: e08e6cee632ca017f0d46cab4397b23a44185c96
MD5 hash: cc53b90f2680000a6da047cd316951e5
humanhash: butter-rugby-paris-dakota
File name: OlympOfReptiles.exe
Signature: RedLineStealer
File size: 18'006'528 bytes
First seen: 2023-07-06 17:25:36 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e570a5ba1acc24c066e0421ddaeb64f5 (1 x RedLineStealer)
ssdeep: 196608:ZAFJn6Pm1RQaR0o0uxT9Nozy9h33PxZynS4w4V/Jsv6tWKFdu9CkA1JV:ZxuRQaape5ZH4V/Jsv6tWKFdu9CBJ
TLSH: T15A074B91A5C24062F674A0314C3E917FAA216B96477177EFB3886B8B5A30FE12D3734D
TrID: 74.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
      15.7% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
      3.9% (.EXE) Win64 Executable (generic) (10523/12/4)
      1.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
      1.7% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE): [icon image]
dhash icon: b870897a27148cb5 (2 x RedLineStealer)
Reporter: iamdeadlyz
Tags: exe OlympOfReptiles RedLineStealer


Reporter comment (Iamdeadlyz):
Fake Blockchain Games Deliver RedLine Stealer & Realst Stealer - A New macOS Infostealer Malware
https://iamdeadlyz.gitbook.io/malware-research/july-2023/fake-blockchain-games-deliver-redline-stealer-and-realst-stealer-a-new-macos-infostealer-malware

Intelligence

File Origin
# of uploads: 1
# of downloads: 279
Origin country: SG
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: OlympOfReptiles.exe
Verdict: No threats detected
Analysis date: 2023-07-06 17:27:02 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Clean
Maliciousness:
Behaviour: Searching for the window

Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour: MalwareBazaar, MeasuringTime, EvasionQueryPerformanceCounter, CheckCmdLine

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control datper greyware keylogger lolbin packed remote replace

Verdict: MALICIOUS

Threat name: n/a
Detection: clean
Classification: n/a
Score: 2 / 100
Behavior Graph: n/a
Verdict: unknown

Malware family: n/a
Score: 3/10
Tags: n/a

Unpacked files
SHA256 hash: 7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f
MD5 hash: cc53b90f2680000a6da047cd316951e5
SHA1 hash: e08e6cee632ca017f0d46cab4397b23a44185c96
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: dsc
Author: Aaron DeVera
Description: Discord domains

Rule name: QbotStuff
Author: anonymous

Rule name: SUSP_Websites
Author: SECUINFRA Falcon Team
Description: Detects the reference of suspicious sites that might be used to download further malware

Rule name: without_attachments
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the no presence of any attachment
Reference: http://laboratorio.blogs.hispasec.com/

Rule name: with_urls
Author: Antonio Sanchez <asanchez@hispasec.com>
Description: Rule to detect the presence of an or several urls
Reference: http://laboratorio.blogs.hispasec.com/

Rule name: yara_template

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: SHA256 00ac5235afdd1c22b8a28d2f5cbfbf9d5127680d8991cf21abc035222d0a0613
This sample: Executable exe 7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f
Dropping: SHA256 7ba7f029b89f05033c24e08bc085d20d6fb42e7c8f11b07d028dbb133f64af12
Dropping: SHA256 6b9adb9e33519440e79d13f75d2ffa1a27cd9e419f75c069c0dd0d242b6184f4

Delivery method: Distributed via web download

Comments