General
Target: NEAS.198e731935d5a9c0b26797118791b53fd76ddd1a38302cf739ad3a57f0c6b2e9_JC.exe
Size: 1.2MB
Sample: 231007-myyzrsdd34
MD5: 3e687a14033b8ba0968ce86c415abe8e
SHA1: c5483168957df8fb20c9587148553c01953dd750
SHA256: 198e731935d5a9c0b26797118791b53fd76ddd1a38302cf739ad3a57f0c6b2e9
SHA512: b60bec6ef664945bcdef20dde1a5904e5895abdb5fb91fcd19a68dc401ae43a53f9bbd67e7b56b1966d21e19cd22ebd4633c6ba200f2de81d5c4037478b4068f
SSDEEP: 24576:UyjbRWpNSrTSgvWiRfSWA4gskS7cY7K0PxljuzTg5ST:jjbRBXZvWiVSGgsgalPxJP
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: NEAS.198e731935d5a9c0b26797118791b53fd76ddd1a38302cf739ad3a57f0c6b2e9_JC.exe, Resource: win7-20230831-en)
Behavioral task: behavioral2 (Sample: NEAS.198e731935d5a9c0b26797118791b53fd76ddd1a38302cf739ad3a57f0c6b2e9_JC.exe, Resource: win10v2004-20230915-en)
Malware Config
Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets
Target: NEAS.198e731935d5a9c0b26797118791b53fd76ddd1a38302cf739ad3a57f0c6b2e9_JC.exe (1.2MB; same file and hashes as listed under General)
Score: 10/10
Signatures
- Detect Mystic stealer payload
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
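The three behavioural signatures above (Run-key persistence, SetThreadContext, and the extracted C2) map directly onto checks a detection engineer can run over an API-call trace. The script below is an added example and is not part of the tria.ge report, the sandbox, or the sample itself: the trace format, the `Event` records and both traces are constructed for illustration (API names are chosen to look like the Windows calls a sandbox would log, but the field layout is hypothetical), and the only value taken from the page is the RedLine C2 endpoint. It treats SetThreadContext as suspicious only in the process-hollowing chain (create suspended, write memory, set context, resume, all by the same parent), so a debugger calling SetThreadContext on an already running process does not fire.

```python
"""Added example, not from the tria.ge report: checks for the behaviours the
report flags, run over a constructed API-call trace."""
import re
from dataclasses import dataclass, field

# RedLine C2 from the extracted config on this page (family "redline", botnet "gigant").
C2 = ("77.91.124.55", 19071)

# After a CREATE_SUSPENDED creation, these steps must follow in this order,
# issued by the creating process, before we call it process hollowing.
HOLLOW_CHAIN = ("WriteProcessMemory", "SetThreadContext", "NtResumeThread")

# ...\CurrentVersion\Run and RunOnce under HKCU or HKLM: the persistence keys
# behind "Adds Run key to start application".
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?$", re.IGNORECASE)


@dataclass
class Event:
    """One API call as a hypothetical sandbox trace might log it (constructed format)."""
    pid: int          # process making the call
    api: str          # API name, modelled on Windows names
    args: dict = field(default_factory=dict)


def hollowing_findings(trace):
    """Return {hollowed child pid: parent pid} for each CREATE_SUSPENDED child that
    the parent then writes to, re-points with SetThreadContext and resumes, in
    that order. A lone SetThreadContext (debugger, installer) does not count."""
    progress = {}   # child pid -> (parent pid, steps of HOLLOW_CHAIN seen so far)
    found = {}
    for ev in trace:
        if ev.api == "NtCreateUserProcess" and "CREATE_SUSPENDED" in ev.args.get("flags", ""):
            progress[ev.args["child_pid"]] = (ev.pid, 0)
            continue
        target = ev.args.get("target_pid")
        if target not in progress:
            continue
        parent, step = progress[target]
        if ev.pid == parent and step < len(HOLLOW_CHAIN) and ev.api == HOLLOW_CHAIN[step]:
            step += 1
            progress[target] = (parent, step)
            if step == len(HOLLOW_CHAIN):
                found[target] = parent
    return found


def run_key_findings(trace):
    """Return (pid, key, value name, data) for every write to a Run/RunOnce key."""
    return [
        (ev.pid, ev.args["key"], ev.args.get("value", ""), ev.args.get("data", ""))
        for ev in trace
        if ev.api in ("RegSetValueExA", "RegSetValueExW") and RUN_KEY_RE.search(ev.args.get("key", ""))
    ]


def c2_findings(trace, c2=C2):
    """Return the pids that opened a connection to the extracted C2 endpoint."""
    return [ev.pid for ev in trace
            if ev.api == "connect" and (ev.args.get("ip"), ev.args.get("port")) == c2]


def triage(trace):
    """Run all three checks; verdict is 'malicious' if any of them fires."""
    findings = {
        "process_hollowing": hollowing_findings(trace),
        "run_key_persistence": run_key_findings(trace),
        "c2_contact": c2_findings(trace),
    }
    findings["verdict"] = "malicious" if any(findings.values()) else "clean"
    return findings


# Constructed trace modelled on the report's signatures: pid 100 is the dropped
# EXE, pid 200 the child it hollows, which then contacts the C2.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"   # hypothetical path
MALICIOUS_TRACE = [
    Event(100, "NtCreateUserProcess", {"image": DROPPER, "flags": "CREATE_SUSPENDED", "child_pid": 200}),
    Event(100, "NtUnmapViewOfSection", {"target_pid": 200}),
    Event(100, "WriteProcessMemory", {"target_pid": 200, "size": 0x3A000}),
    Event(100, "SetThreadContext", {"target_pid": 200}),
    Event(100, "NtResumeThread", {"target_pid": 200}),
    Event(100, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                  "value": "dropped", "data": DROPPER}),
    Event(200, "connect", {"ip": "77.91.124.55", "port": 19071}),
]

# Constructed benign trace: a debugger attaches to a running process and calls
# SetThreadContext; no suspended creation, no Run key, no C2, so nothing fires.
BENIGN_TRACE = [
    Event(300, "DebugActiveProcess", {"target_pid": 400}),
    Event(300, "SetThreadContext", {"target_pid": 400}),
    Event(300, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
                                  "value": "x", "data": "1"}),
    Event(400, "connect", {"ip": "203.0.113.10", "port": 443}),
]

if __name__ == "__main__":
    for name, trace in (("malicious", MALICIOUS_TRACE), ("benign", BENIGN_TRACE)):
        print(name, triage(trace))
```

The ordering check in `hollowing_findings` is what keeps the rule useful: the chain is tracked per child and only advances when the creating parent issues the next expected call, so a trace that resumes the thread before setting its context, or a SetThreadContext against a process the caller did not create suspended, is not reported.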