MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 d1a8ae6e195921b1d6b338c66568875f7e3ef2c796c1079c511e57b899ff44ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
RedLineStealer
Vendor detections: 5
| SHA256 hash: | d1a8ae6e195921b1d6b338c66568875f7e3ef2c796c1079c511e57b899ff44ca |
|---|---|
| SHA3-384 hash: | 58431314cfb7cc8bda2a9852bf32691cf0c80f8556bcc65c80749ac7252ef8ee995cb6e3c154c14543b1c5b2564680ae |
| SHA1 hash: | 03e6e2a776b78287e931fc709b2b70e521c079bb |
| MD5 hash: | f2578427235abbf4a829dab58b51bf6e |
| humanhash: | jersey-foxtrot-river-fix |
| File name: | CosmoWars.zip |
| Signature | RedLineStealer |
| File size: | 7'866'265 bytes |
| First seen: | 2022-10-20 18:56:09 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 98304:EYD9Hyr0rCnkZLzqsDxCTDMkihj0uAmUCnD8LVqCyJ4j49wxCKC:EYJSwrXZLzXUTDMth8mxnoO9Br |
| TLSH | T10C86331AA5A21F85DC8D06BC80DF5B52235ABF5E1452A32F8325F32F7FF22F89955408 |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter | Iamdeadlyz |
| Tags: | CosmoWars exe FakeExoMiner RedLineStealer zip |

From cosmo-wars.com (impersonation of ExoMiner Android game [com.eldring.exominer]). RedLineStealer C&C: 77.73.134.13:3660
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 322 |
| Origin country: | n/a |
File Archive Information
This file archive contains 33 file(s), sorted by their relevance:
| File name: | strings_en-US.xml.fx |
|---|---|
| File size: | 528 bytes |
| SHA256 hash: | 6efe319cace4063f8d8f4432469f0d89998a8468c4335a054f4503c2fba675b8 |
| MD5 hash: | c183ae169fde46b8e3f35d20092975fe |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | default.ide |
|---|---|
| File size: | 4'679 bytes |
| SHA256 hash: | 3aea4d74891f77602e1e7e32e3dfd6716fcccf257e87f7ab43c57f64339ff8c2 |
| MD5 hash: | 5b6d75bae827e2d88f24f2be66a037bb |
| MIME type: | text/plain |
| Signature | RedLineStealer |
| File name: | LayerPanelToolPlugin_strings_en-US.xml.fx |
|---|---|
| File size: | 5'680 bytes |
| SHA256 hash: | c091ba740d0679efb13aa6380382fa05f7a16f77f9ed1e77f2d4e49a954282a7 |
| MD5 hash: | d3db82c17cf68cd502d0e168372021b6 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | msvcp120.dll |
|---|---|
| File size: | 455'328 bytes |
| SHA256 hash: | 87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608 |
| MD5 hash: | fd5cabbe52272bd76007b68186ebaf00 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | global_controls.sii |
|---|---|
| File size: | 487 bytes |
| SHA256 hash: | 0ce5e2924486f6e832c87bd8bc7c7ac22b94865d959f76b9030a2623b9f8ce71 |
| MD5 hash: | fbcecc5399c20341535d6c58c806477e |
| MIME type: | text/plain |
| Signature | RedLineStealer |
| File name: | config.cfg |
|---|---|
| File size: | 4'828 bytes |
| SHA256 hash: | 747b73738aa1f4df3d2eec8310aa025eb340ca0acdd0fa32379e829daf9ef326 |
| MD5 hash: | 2a3044aed0dee5b14e2f071a025ee649 |
| MIME type: | text/plain |
| Signature | RedLineStealer |
| File name: | LoupeTool_strings_en-US.xml.fx |
|---|---|
| File size: | 459 bytes |
| SHA256 hash: | 3ff9285b7d1479f87e48f433a2394b78b2529c6ff8c64341cb9cbe8bcb4d734d |
| MD5 hash: | ac794a2460c9130e007259e06eb1715a |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | furnitur.dat |
|---|---|
| File size: | 16'480 bytes |
| SHA256 hash: | d7184e6ced806097582e38605f7f860e0070d05e8a2bdb84d6d6b0df8a92791a |
| MD5 hash: | 3199fc8b81a4c5334a497508fe408afd |
| MIME type: | text/plain |
| Signature | RedLineStealer |
| File name: | net.dll |
|---|---|
| File size: | 177'440 bytes |
| SHA256 hash: | 9909cf0a524583d524013900edd635cca60b4a6a9edab78aad76995daeb11554 |
| MD5 hash: | 0337598af74ee364a5f772ecde9f03a9 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | msvcr120.dll |
|---|---|
| File size: | 970'912 bytes |
| SHA256 hash: | 86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f |
| MD5 hash: | 034ccadc1c073e4216e9466b720f9849 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | Email_strings_en-US.xml.fx |
|---|---|
| File size: | 2'047 bytes |
| SHA256 hash: | 2695aa09a4c7bb703b0daf93457930459ed53c6627f997223e2384cb2dc17e6e |
| MD5 hash: | cab784e84399dc01b7bde2aaa1008202 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | client.pdb |
|---|---|
| File size: | 30'280 bytes |
| SHA256 hash: | 64f3a78485fb6930d87cbd289a74eebba70847b1433fa24740d6ef55ec9461e9 |
| MD5 hash: | bbf4fd558b30604ff04ae4e7fc967f13 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | CosmoWars Setup.exe |
|---|---|
| File size: | 772'428'800 bytes |
| SHA256 hash: | 8e54534f774632a12adbd7732b2816dda6bf4e034ddd2531de4909085bec767e |
| MD5 hash: | 3779a32d40c7f7e8302012316658fc40 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | bin3.ci |
|---|---|
| File size: | 747'573 bytes |
| SHA256 hash: | f9627486af5ef9c104ea1101f8423816a688644f218379e7ce87ba7c7185eeda |
| MD5 hash: | 4ed45fa34ba01b34de37e3de0597b955 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | libEGL.dll |
|---|---|
| File size: | 99'328 bytes |
| SHA256 hash: | c80506c25e434d19dc48fdb00d057c8541290e9c5cd72799e4044330222b25eb |
| MD5 hash: | 36a52fd42e070e68a2b98f69b30e5e39 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | lua5.1c.lib |
|---|---|
| File size: | 27'724 bytes |
| SHA256 hash: | 2ba324c31b16ffe8a12baa66d1cd5dc374c115bae120ead73a2e2f35feda159e |
| MD5 hash: | 137157084a39e018b87009dbde117a6d |
| MIME type: | application/x-archive |
| Signature | RedLineStealer |
| File name: | vorbishooked.dll |
|---|---|
| File size: | 36'499 bytes |
| SHA256 hash: | 655e6186cd59099fb233edbf2e5ef6b879cf6c73d754d3938931e05be8b21c3c |
| MD5 hash: | 69f97628da18bb0c01eef629e4344916 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | libGLESv2.dll |
|---|---|
| File size: | 217'906 bytes |
| SHA256 hash: | 6bd119af15f533f5c4f6d90fc3444e652c2695cfd0ae47464eafb5f35c3825e2 |
| MD5 hash: | 53a025b6ca3b36f0ec3b2abeb986a9ca |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | PageEditor_strings_en-US.xml.fx |
|---|---|
| File size: | 2'685 bytes |
| SHA256 hash: | 99852a366108c33ba4194e5266206ad107ac7f7423f47cd329f885c378dae54e |
| MD5 hash: | 383b9aad46e6e3fb86a7ebbbbabd0814 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | touchup_strings_en-US.xml.fx |
|---|---|
| File size: | 4'633 bytes |
| SHA256 hash: | 71cc0c639b330934e36d498075c90800d79e193264c8335ec183948b3a429019 |
| MD5 hash: | 99645319cee61fb72c6c27af90934e68 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | bin1.ci |
|---|---|
| File size: | 131'185 bytes |
| SHA256 hash: | 35b997698f9ca58004a77b806144709b21e1be26669a1c100cbf628be8fa3cea |
| MD5 hash: | d9d8452f8f22298b50aa4d41433f1d81 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | client.lib |
|---|---|
| File size: | 35'852 bytes |
| SHA256 hash: | bad47f10db4a2e146626990a7eaf26f983a05642f6843c821edd90f343ab7e6a |
| MD5 hash: | 7c4e1b4fca3090a24e34b68b5c5f971a |
| MIME type: | application/x-archive |
| Signature | RedLineStealer |
| File name: | cosmowars.set |
|---|---|
| File size: | 2'900 bytes |
| SHA256 hash: | 321190b35a664db445470f1b62588ceda3b876ba68756832e44ba2af93654afd |
| MD5 hash: | 76cf82373c0a3f3a4c44a3756fea8938 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | zlib1.dll |
|---|---|
| File size: | 20'816 bytes |
| SHA256 hash: | dad429bc116be58d5a833944d0e32b5254e5d82b22e7dd0a5a64a306e785f0a8 |
| MD5 hash: | 0d04c9e748d2c99c01dedb1d0e25fcc6 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | lua5.1c.exp |
|---|---|
| File size: | 16'402 bytes |
| SHA256 hash: | 88bc86dfd1aaf57715fc74ae38275c40773654feddd6517a949cb283232aeba5 |
| MD5 hash: | 7f76429940b421e5e0e4b26b8f57de03 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | opengl32sw.dll |
|---|---|
| File size: | 413'723 bytes |
| SHA256 hash: | 5f69c604d8f8e4a1e9f37b554376006fa5f123a17088004c2588faeafb63f753 |
| MD5 hash: | 122a7d97cd8dc20711f883bd7101cfd6 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | lua5.1c.pdb |
|---|---|
| File size: | 65'647 bytes |
| SHA256 hash: | a261d3f4af9c0336e7aca7106bbd07142f422f8a675ff17f4b2a29ac23fbe817 |
| MD5 hash: | 4203870b352b832bfed598d7ff460ffa |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | vorbisfile.dll |
|---|---|
| File size: | 21'357 bytes |
| SHA256 hash: | b8db79721de2765f778eac59677191d1154525e4a9f7e901429471db6eac1316 |
| MD5 hash: | 2f8568cafe84727e783203592a670bc2 |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | bin.ci |
|---|---|
| File size: | 308'194 bytes |
| SHA256 hash: | 11912d95c032f0b283a8296a3e27bbbaf24f576f96b067fe2905730c6c2e1521 |
| MD5 hash: | 3115ca4c9acd79ba8bfbaba336ff7608 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | WebView2Loader.dll |
|---|---|
| File size: | 109'264 bytes |
| SHA256 hash: | 2b2d250122c2827d205955fcd2f11cb3a1b635c93e9d4eea0a437f9d06f13ab8 |
| MD5 hash: | cb651ffa838fa03ffcef7707c573add3 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | client.exp |
|---|---|
| File size: | 21'393 bytes |
| SHA256 hash: | 65679e96f929fdd9b4e5449ae1dd8eebae69e1b5b19935babeeb41eb92988c3b |
| MD5 hash: | 97e4948edf67162021e8f0bbbf2c310b |
| MIME type: | application/octet-stream |
| Signature | RedLineStealer |
| File name: | Language64.dll |
|---|---|
| File size: | 1'023'472 bytes |
| SHA256 hash: | 5e295c03710685077aad8d1572902cf8e265d683eb0821f1c34e7765fc8dfa1f |
| MD5 hash: | 9c67b9dabe09271702d37508d232a050 |
| MIME type: | application/x-dosexec |
| Signature | RedLineStealer |
| File name: | fonts.dat |
|---|---|
| File size: | 3'316 bytes |
| SHA256 hash: | f915a17b3673023c4c69fddb85d24709365bcdecee8615e5d882ac48721fd538 |
| MD5 hash: | ff4f58e01f9e91a3d525c738fef35a62 |
| MIME type: | text/plain |
| Signature | RedLineStealer |
Vendor Threat Intelligence

Result

| Verdict: | MALICIOUS |
|---|---|
| Threat name: | Win32.Trojan.Generic |
| Status: | Suspicious |
| First seen: | 2022-10-20 20:50:59 UTC |
| File Type: | Binary (Archive) |
| Extracted files: | 328 |
| AV detection: | 5 of 42 (11.90%) |
| Threat level: | 5/5 |
| Detection(s): | Suspicious file |

Result

| Malware family: | n/a |
|---|---|
| Score: | 8/10 |
| Tags: | spyware upx |

Please note that we are no longer able to provide a coverage score for Virus Total.

| Threat name: | Malicious File |
|---|---|
| Score: | 1.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.

| Delivery method: | Distributed via web download |
|---|---|
| Signature: | RedLineStealer |
| This sample: | zip d1a8ae6e195921b1d6b338c66568875f7e3ef2c796c1079c511e57b899ff44ca |
| Dropping: | SHA256 8e54534f774632a12adbd7732b2816dda6bf4e034ddd2531de4909085bec767e |