MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86ea564e8b1f94c597ad594c40f3a49f763a18f697f7a21879ed296365b860d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RedLineStealer


Vendor detections: 3



SHA256 hash: 86ea564e8b1f94c597ad594c40f3a49f763a18f697f7a21879ed296365b860d3
SHA3-384 hash: 03fd0f2f65ad92e7a442b109e18294f9df96c22bd5edf6d62d517c8cbb8e749e91fa2a73063f524aff28ee699d1e92f8
SHA1 hash: 65783d97e8e4f7ca907ccf95e2323c17b0ab253d
MD5 hash: 5e2fb444919df46bf6cf6558fa930076
humanhash: pluto-oregon-leopard-pizza
File name: Wayfarer_v1.2.8.zip
Signature: RedLineStealer
File size: 30'717'512 bytes
First seen: 2022-11-13 18:00:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: X9U3Z1R8W6
ssdeep 393216:h5EwyV5oq0eUaV70o2Su+CU+yGqvOU69QwLovtIXTUChHEtod6cRO8AESgrQr3au:hUfXlU3hz1LyowvQTzhHMck8G0yA/Wz
TLSH T133673331DA67840312FFDFFF684F14CF099A764562C549B27A45A04BF4845BE2AFBA80
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: iamdeadlyz
Tags: exe file-pumped pw X9U3Z1R8W6 RedLineStealer SpaceDeepy zip


Iamdeadlyz
From spacedeepy.com (impersonation of solantasy.com and oxocapital.fund)
h/t to fireflyframer
RedLineStealer C&C: 77.73.134.13:3660

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 77.73.134.13:3660 (ThreatFox reference: https://threatfox.abuse.ch/ioc/866010/)

Intelligence


File Origin
# of uploads: 1
# of downloads: 278
Origin country: n/a
File Archive Information

This file archive contains 122 file(s), sorted by their relevance:

File name: Wayfarer_v1.2.8.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 798'992'896 bytes
SHA256 hash: 4f6373d9757f4def854f8dedeb28f6e68b2a21d7ec41140827f5f1180ca6a4d7
MD5 hash: c133282b6cd1033363477124f9aca914
De-pumped file size: 4'365'824 bytes (vs. original size of 798'992'896 bytes)
De-pumped SHA256 hash: 979633ef5386a4386d862a8643210676ec89394021b2513a69e5588ff5b49453
De-pumped MD5 hash: bbbbd928e2f836778602dfe4f058089e
MIME type: application/x-dosexec
Signature: RedLineStealer
Vendor Threat Intelligence
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Author:@wowabiy314
Description:PDB

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: SHA256 4f6373d9757f4def854f8dedeb28f6e68b2a21d7ec41140827f5f1180ca6a4d7
Delivery method: Distributed via web download
