General

Target: NEAS.0da4d6b21a5d88bf11e122f22c800490_JC.exe
Size: 307KB
Sample: 231013-wknrbaeg49
MD5: 0da4d6b21a5d88bf11e122f22c800490
SHA1: f2cd2bac7dcc96a80f11ffa95b1e7dd32cb7118e
SHA256: 555a83182d968664826d7815b0ed15d5f6342b364248a3d9b1a95d66077a4e24
SHA512: 67feb89246a3cd82c111b4424bdf3c94faa11d52003ff5dbee7ab8bbc1619f613207fdd51ad445ebc281edf678856d2c65373ae4fea49f452c83282f75098a12
SSDEEP: 3072:xu2+41qk0HyOsyXT1bFMN/Qv0Mjdov5hsWmrZ6crYOexuj9jIuK:8N6QsyZFe/QvHjuT0JrcG
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.0da4d6b21a5d88bf11e122f22c800490_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: NEAS.0da4d6b21a5d88bf11e122f22c800490_JC.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted: redline
@mass1vexdd
94.142.138.4:80
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.