General
Target: NEAS.5dae66c168cccd23b6b060ddfd3b6170.exe
Size: 758KB
Sample: 231104-ren3nsah8t
MD5: 5dae66c168cccd23b6b060ddfd3b6170
SHA1: 49c18f6523134da0c21b413940e0721abf8ca258
SHA256: 586d3d384e58bae74f8eb9bb68c36d3d5aec1f4cb3a041a39b84a4a9b895c396
SHA512: ded86ee173202eecf70546740c60daf2c4e5e198f327bf7def281fe08ef194ec4e91650528c272966c95c99b3bc2f3b097dcd042dd43f0be537aa3a4f5a13786
SSDEEP: 12288:kMrUy90nTqx7TP8KN9D8pzOuivKQxivoEUx780wUzl/al+8RVUagWK1PaR433:Qy8q58Kc6SkJx+UlF8RVQx13
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.5dae66c168cccd23b6b060ddfd3b6170.exe
Resource: win10v2004-20231023-en

Malware Config
Extracted family: redline
Botnet: kinza
C2: 77.91.124.86:19084
Targets
Target: NEAS.5dae66c168cccd23b6b060ddfd3b6170.exe
Size and hashes: identical to the General section above (MD5 5dae66c168cccd23b6b060ddfd3b6170).
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
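The report gives two kinds of indicator: static ones (the file hashes) and behavioural ones (the extracted C2 endpoint, Run-key persistence, execution of a dropped executable). The script below, an added example that is not part of the tria.ge report, hunts for all of them over Sysmon-style events. The event records are constructed by hand in a simplified JSON shape modelled on Sysmon Event IDs 1, 3, 11 and 13; the field names, the `Hashes` dictionary, the user name, SID and the dropped-file path are assumptions for illustration and must be mapped to real telemetry before use.

```python
"""Hunt the indicators from this Triage report in Sysmon-style telemetry.

Added example; not code from tria.ge or from the report. The events below
are constructed by hand in a simplified JSON shape modelled on Sysmon
Event ID 1 (process create), 3 (network connect), 11 (file create) and
13 (registry value set). Field names are an assumption; map them to your
own telemetry before use.
"""
import hashlib
import json

# Indicators taken from the report.
SAMPLE_NAME = "NEAS.5dae66c168cccd23b6b060ddfd3b6170.exe"
SAMPLE_MD5 = "5dae66c168cccd23b6b060ddfd3b6170"
SAMPLE_SHA256 = "586d3d384e58bae74f8eb9bb68c36d3d5aec1f4cb3a041a39b84a4a9b895c396"
C2_IP, C2_PORT = "77.91.124.86", 19084

# Registry paths behind the "Adds Run key to start application" signature.
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


def hash_matches(data: bytes) -> dict:
    """Compare a file's bytes against the report's MD5 and SHA-256."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256,
    }


def hunt(events: list) -> list:
    """Return (event_index, label) pairs for every event matching an indicator.

    A little state is kept so that a file written by the sample (EID 11) and
    later started (EID 1) is reported as "dropped-exe-executed", mirroring
    the report's "Executes dropped EXE" signature.
    """
    dropped = set()
    findings = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 11 and ev.get("Image", "").lower().endswith(SAMPLE_NAME.lower()):
            dropped.add(ev.get("TargetFilename", "").lower())
        elif eid == 1:
            if ev.get("Hashes", {}).get("SHA256", "").lower() == SAMPLE_SHA256:
                findings.append((i, "known-sample-executed"))
            if ev.get("Image", "").lower() in dropped:
                findings.append((i, "dropped-exe-executed"))
        elif eid == 3:
            if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
                findings.append((i, "redline-c2-connection"))
        elif eid == 13:
            target = ev.get("TargetObject", "").lower()
            if any(marker in target for marker in RUN_KEY_MARKERS):
                findings.append((i, "run-key-persistence"))
    return findings


# Constructed events (not from the sandbox run); the last one is benign noise.
# User name, SID and the dropped-file name are made up for the example.
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\Admin\\Desktop\\" + SAMPLE_NAME,
     "Hashes": {"SHA256": SAMPLE_SHA256}},
    {"EventID": 11, "Image": "C:\\Users\\Admin\\Desktop\\" + SAMPLE_NAME,
     "TargetFilename": "C:\\Users\\Admin\\AppData\\Local\\Temp\\stage2.exe"},
    {"EventID": 13, "Image": "C:\\Users\\Admin\\Desktop\\" + SAMPLE_NAME,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2"},
    {"EventID": 1, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\stage2.exe",
     "Hashes": {"SHA256": "0" * 64}},
    {"EventID": 3, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\stage2.exe",
     "DestinationIp": C2_IP, "DestinationPort": 19084},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "13.107.4.50", "DestinationPort": 443},
]

if __name__ == "__main__":
    for idx, label in hunt(CONSTRUCTED_EVENTS):
        print(idx, label, json.dumps(CONSTRUCTED_EVENTS[idx])[:80])
```

The C2 match is deliberately exact on both address and port, since a shared hosting address on another port is not this configuration. The "Suspicious use of SetThreadContext" signature is an API-level observation (the call is commonly seen when code is written into a suspended process before it is resumed) and does not appear in these event types; look for it in API-monitoring or EDR telemetry instead.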