General
Target: NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe
Size: 759KB
Sample: 231105-xk1ljscd27
MD5: bc3507e3b2e3e27b11fdb259f5d44e90
SHA1: 7d0e95a41159e47550aa755e55c429841a8e2d35
SHA256: d1a00dae28f517e56d7386110ff80eea150f344964f965fa0a3fa9539fe0b91f
SHA512: 5e366bc9153737761a36436ac2dd2cdf5f8015b4744d6676b6f0dfff8e7c7cad7a399e8699dc35b085a5849ac7c72d7a4437001a6f9aa1013b210cd82c632e6d
SSDEEP: 12288:NMrHy90MAxd4un4BQ/3GArUrAS32BLng+FxwnQRPI78UK93/2M3:Wy1o/KR3GgqCnQ/J9Pn3
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: redline
Botnet: kinza
C2: 77.91.124.86:19084
Targets
Target: NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe (759KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application (persistence via a value under a CurrentVersion\Run key)
- Suspicious use of SetThreadContext (commonly seen when a payload is injected into a suspended process, so the process that later contacts the C2 may not be the dropped EXE itself)
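The report above yields a small but concrete IOC set: the sample hashes, the RedLine C2 at 77.91.124.86:19084, and Run-key persistence. The following hunt script is an added example, not part of the tria.ge report or of any tooling it describes; it sweeps those indicators across endpoint telemetry. The event shape (a simplified Sysmon-like JSON line with `event`, `host`, `image`, `sha256`, `key`, `dst_ip`, `dst_port` fields) and all log lines are constructed for the example. Two practitioner details are built in: the C2 match is on destination only, because after SetThreadContext-style injection the connecting image is often not the dropped EXE; and the Run-key check requires a value directly under `...\CurrentVersion\Run`, so `RunOnce` does not produce a false hit.

```python
"""Hunt the indicators from the tria.ge report across constructed endpoint telemetry.

Added example, not part of the report. Event format is an assumed, simplified
Sysmon-like JSON shape; every log line below is constructed for illustration.
"""
import json
from collections import defaultdict

# Indicators taken from the report.
SAMPLE_MD5 = "bc3507e3b2e3e27b11fdb259f5d44e90"
SAMPLE_SHA256 = "d1a00dae28f517e56d7386110ff80eea150f344964f965fa0a3fa9539fe0b91f"
C2_IP = "77.91.124.86"
C2_PORT = 19084
# Keys behind the "Adds Run key to start application" signature.
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)


def is_run_key_value(key: str) -> bool:
    """True only for a value directly under a Run key (RunOnce etc. are excluded)."""
    k = key.lower()
    return any(k.startswith(r.lower() + "\\") for r in RUN_KEYS)


def match_event(ev: dict) -> list:
    """Return the indicator names one event matches (empty list if none)."""
    hits = []
    kind = ev.get("event")
    if kind == "process_create":
        if (ev.get("sha256", "").lower() == SAMPLE_SHA256
                or ev.get("md5", "").lower() == SAMPLE_MD5):
            hits.append("sample_hash")
    elif kind == "network_connect":
        # Destination-only match: after SetThreadContext-style injection the
        # connecting image is frequently a legitimate host process, not the EXE.
        if ev.get("dst_ip") == C2_IP and int(ev.get("dst_port", 0)) == C2_PORT:
            hits.append("redline_c2")
        elif ev.get("dst_ip") == C2_IP:
            hits.append("c2_ip_other_port")  # weaker signal, worth a look
    elif kind == "registry_set":
        if is_run_key_value(ev.get("key", "")):
            hits.append("run_key_persistence")
    return hits


def hunt(lines) -> dict:
    """Parse JSON lines; return {host: sorted list of indicator names} for hosts with hits."""
    per_host = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for h in match_event(ev):
            per_host[ev.get("host", "?")].add(h)
    return {host: sorted(hits) for host, hits in per_host.items()}


def verdict(indicators) -> str:
    """Hash or exact C2 hit is confirmed; generic or partial hits need analyst review."""
    if "sample_hash" in indicators or "redline_c2" in indicators:
        return "confirmed"
    return "review" if indicators else "clean"


# Constructed telemetry (assumed shape; hostnames, paths and values are made up).
SAMPLE_LOG = r"""
{"event": "process_create", "host": "ws01", "image": "C:\\Users\\u\\Downloads\\NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe", "sha256": "d1a00dae28f517e56d7386110ff80eea150f344964f965fa0a3fa9539fe0b91f"}
{"event": "registry_set", "host": "ws01", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater", "image": "C:\\Users\\u\\AppData\\Local\\Temp\\x.exe"}
{"event": "network_connect", "host": "ws01", "image": "C:\\Windows\\System32\\host.exe", "dst_ip": "77.91.124.86", "dst_port": 19084}
{"event": "network_connect", "host": "ws02", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "dst_ip": "77.91.124.86", "dst_port": 443}
{"event": "registry_set", "host": "ws02", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\cleanup"}
{"event": "network_connect", "host": "ws03", "dst_ip": "1.1.1.1", "dst_port": 53}
"""

if __name__ == "__main__":
    for host, inds in hunt(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {verdict(inds)} {inds}")
```

Run as-is to see ws01 reported as confirmed (hash, C2 and Run key all hit), ws02 flagged for review on the same IP over a different port only, and ws03 absent. Feed real JSON-lines telemetry to `hunt()` after mapping your EDR's field names onto the assumed ones.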