General
-
Target
wtrelaxing.exe
-
Size
5.3MB
-
Sample
230614-mecx7agc3x
-
MD5
ec9d7eb68b700dc7f81b7a808c4642ec
-
SHA1
b9774feebd7f0c5335e50620dfb3659c7bb5d444
-
SHA256
f75de77adc9eed21ec758c9f4616bd5a3b83022ed16b682406befad45e6f105b
-
SHA512
08c2b36b6b2ef47b1d9e7fee1fc9d608940ff45799b83eba09293ef025c2ca574ae00f4597e93fcd0c61df008c06ee727f334bf58d4e577a936b057fa004bd7e
-
SSDEEP
98304:XRN2eOEkA62kikrRBDAlHXtA84Pzwa3PPFRSlNTVdmynxIRAEQO1T1tCneS:X/hy2ki0RZq36lLJ3PPFRSzTVcST1y1E
Static task
static1
Behavioral task
behavioral1
Sample
wtrelaxing.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
wtrelaxing.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
1223
80.85.241.28:36723
-
auth_value
1162933edb12f699eedc4c04dd76667a
Targets
-
-
Target
wtrelaxing.exe
-
Size
5.3MB
-
MD5
ec9d7eb68b700dc7f81b7a808c4642ec
-
SHA1
b9774feebd7f0c5335e50620dfb3659c7bb5d444
-
SHA256
f75de77adc9eed21ec758c9f4616bd5a3b83022ed16b682406befad45e6f105b
-
SHA512
08c2b36b6b2ef47b1d9e7fee1fc9d608940ff45799b83eba09293ef025c2ca574ae00f4597e93fcd0c61df008c06ee727f334bf58d4e577a936b057fa004bd7e
-
SSDEEP
98304:XRN2eOEkA62kikrRBDAlHXtA84Pzwa3PPFRSlNTVdmynxIRAEQO1T1tCneS:X/hy2ki0RZq36lLJ3PPFRSzTVcST1y1E
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Detects RedLine infostealer
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-