MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0ed1b03299900a0b14059932808da30caccab6f3a6f5286a581b524034d84a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RedLineStealer
Vendor detections: 6

SHA256 hash: a0ed1b03299900a0b14059932808da30caccab6f3a6f5286a581b524034d84a7
SHA3-384 hash: 697b135b9f2c5e1b4d50feb4d2a2fc473258320c7364e82b6564496b59ba75d58d48354dd8867995b052482d55ed07d7
SHA1 hash: d65830ed2c2d6b7b4e5feb63d51eae663c4eaa3a
MD5 hash: 2a7451848b83d8cee233c4f844c87378
humanhash: finch-washington-fifteen-table
File name: MetaLauncher.rar
Signature: RedLineStealer
File size: 3'862'851 bytes
First seen: 2022-10-17 06:13:05 UTC
Last seen: 2022-10-18 11:59:48 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 98304:pFCR+8mcobnXbnCK7HgjpgoZq10CmAoRgbMvFF8:pR8m5bnXbnCmgtLZqOCayM9F8
TLSH: T1840623247B4987EF40C3E105DB66E91D3B607FBE890DB6EBB7825BDB46C8804E856160
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: iamdeadlyz
Tags: exe, FakeMetaRun, file-pumped, MetaRacers, rar, RedLineStealer


Iamdeadlyz
From metaracers.win (impersonation of metaverserun.io)
Single exe from 283979dc33c411a9e75ec5d4c0214bf1
RedLine Stealer C&C: 185.106.93.212:5616

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 185.106.93.212:5616
ThreatFox reference: https://threatfox.abuse.ch/ioc/891575/

Intelligence


File Origin
# of uploads: 2
# of downloads: 258
Origin country: n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: MetaLauncher.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 734'003'200 bytes
SHA256 hash: 2b74c16506089e7b924665f6b6995daec9304ee9faf8d32a149fe5eb4799cbcc
MD5 hash: ef0252c71127e6aecb0dce4026ec5b12
De-pumped file size: 5'128'704 bytes (vs. original size of 734'003'200 bytes)
De-pumped SHA256 hash: 12fc5509936eb1d8031861f3b44122df1a7c45b9e7433074c8b7c3bbe1e4c61f
De-pumped MD5 hash: 0608e8548e9f2980f7da6d2ba760155b
MIME type: application/x-dosexec
Signature: RedLineStealer
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Binary.Trojan.Hulk
Status: Malicious
First seen: 2022-10-17 07:17:56 UTC
AV detection: 5 of 38 (13.16%)
Threat level: 5/5

Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:idiot discovery infostealer spyware stealer
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Suspicious use of SetThreadContext
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Checks installed software on the system
  Checks computer location settings
  Reads user/profile data of web browsers
Malware config (RedLine):
  C2 extraction: 185.106.93.212:5616
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: RedLineStealer
Sample: rar a0ed1b03299900a0b14059932808da30caccab6f3a6f5286a581b524034d84a7 (this sample)
Dropping: SHA256 2B74C16506089E7B924665F6B6995DAEC9304EE9FAF8D32A149FE5EB4799CBCC

Comments