General

  • Target: NEAS.5dae66c168cccd23b6b060ddfd3b6170.exe

  • Size: 758KB

  • Sample: 231104-ren3nsah8t

  • MD5: 5dae66c168cccd23b6b060ddfd3b6170

  • SHA1: 49c18f6523134da0c21b413940e0721abf8ca258

  • SHA256: 586d3d384e58bae74f8eb9bb68c36d3d5aec1f4cb3a041a39b84a4a9b895c396

  • SHA512: ded86ee173202eecf70546740c60daf2c4e5e198f327bf7def281fe08ef194ec4e91650528c272966c95c99b3bc2f3b097dcd042dd43f0be537aa3a4f5a13786

  • SSDEEP: 12288:kMrUy90nTqx7TP8KN9D8pzOuivKQxivoEUx780wUzl/al+8RVUagWK1PaR433:Qy8q58Kc6SkJx+UlF8RVQx13

Malware Config

Extracted

  • Family: redline

  • Botnet: kinza

  • C2: 77.91.124.86:19084

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks