General

  • Target

    NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe

  • Size

    759KB

  • Sample

    231105-xk1ljscd27

  • MD5

    bc3507e3b2e3e27b11fdb259f5d44e90

  • SHA1

    7d0e95a41159e47550aa755e55c429841a8e2d35

  • SHA256

    d1a00dae28f517e56d7386110ff80eea150f344964f965fa0a3fa9539fe0b91f

  • SHA512

    5e366bc9153737761a36436ac2dd2cdf5f8015b4744d6676b6f0dfff8e7c7cad7a399e8699dc35b085a5849ac7c72d7a4437001a6f9aa1013b210cd82c632e6d

  • SSDEEP

    12288:NMrHy90MAxd4un4BQ/3GArUrAS32BLng+FxwnQRPI78UK93/2M3:Wy1o/KR3GgqCnQ/J9Pn3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    kinza

  • C2

    77.91.124.86:19084

Targets

    • Target

      NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
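The extracted config gives one C2 endpoint (77.91.124.86:19084), and the signatures above describe three host behaviours: a dropped EXE being executed, a Run key being added, and SetThreadContext use. The block below is an added example, not code from Triage or from this report, that turns the C2 and the two persistence/execution behaviours into detection logic run over Sysmon-style JSON events. Only the sample file name and the C2 address come from the report; the event lines, the Temp path `stage2.exe`, the SID and the Run value name `Updater` are constructed for illustration. The SetThreadContext signature is left out on purpose: that API call is not visible in Sysmon's standard event set, so it needs an ETW or EDR source rather than this log.

```python
"""Hunt for the behaviours a Triage report lists (C2 connection, Run-key
persistence, execution of a dropped EXE) across Sysmon-style JSON events."""
import json

# Taken from the report's "Malware Config" section.
REDLINE_C2_IP = "77.91.124.86"
REDLINE_C2_PORT = 19084

# Autostart locations behind "Adds Run key to start application". Sysmon logs
# HKCU keys as HKU\<SID>\..., so match on the path suffix, not the hive prefix.
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


def parse_jsonl(text: str) -> list[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hunt(events: list[dict]) -> list[dict]:
    """Return one finding per matched event, in log order.

    Each finding is {"rule": <name>, "event": <the matched event>}.
    The dropped-EXE rule is stateful: every .exe written to disk (EID 11,
    FileCreate) is remembered, and the rule fires when that same path later
    appears as the Image of a process-create event (EID 1).
    """
    findings: list[dict] = []
    written_exes: set[str] = set()
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            path = ev.get("TargetFilename", "").lower()
            if path.endswith(".exe"):
                written_exes.add(path)
        elif eid == 1:
            if ev.get("Image", "").lower() in written_exes:
                findings.append({"rule": "executes_dropped_exe", "event": ev})
        elif eid == 13:  # RegistryEvent (value set)
            key = ev.get("TargetObject", "").lower()
            if any(marker in key for marker in RUN_KEY_MARKERS):
                findings.append({"rule": "run_key_persistence", "event": ev})
        elif eid == 3:  # NetworkConnect
            if (ev.get("DestinationIp") == REDLINE_C2_IP
                    and int(ev.get("DestinationPort", 0)) == REDLINE_C2_PORT):
                findings.append({"rule": "redline_c2_connection", "event": ev})
    return findings


# Constructed Sysmon-style events. The Temp path, SID and Run value name are
# hypothetical; the sample name and C2 endpoint come from the report.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Users\\victim\\Desktop\\NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 11, "Image": "C:\\Users\\victim\\Desktop\\NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe", "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 1, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe", "ParentImage": "C:\\Users\\victim\\Desktop\\NEAS.bc3507e3b2e3e27b11fdb259f5d44e90_JC.exe"}
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe", "DestinationIp": "77.91.124.86", "DestinationPort": 19084}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": 53}
{"EventID": 13, "Image": "C:\\Windows\\System32\\services.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\BITS\\Start", "Details": "DWORD (0x00000003)"}
"""

if __name__ == "__main__":
    for finding in hunt(parse_jsonl(SAMPLE_LOG)):
        ev = finding["event"]
        print(f'{finding["rule"]:24} EID {ev["EventID"]}  {ev.get("Image", "")}')
```

Running it against the constructed log yields three findings in order: the dropped `stage2.exe` being executed, the Run value under the user hive, and the connection to the reported C2; the DNS lookup and the service-start value change are ignored. The C2 match is deliberately exact on IP and port, since the report only supports that one endpoint; a broader RedLine hunt would add the family's other known infrastructure from a feed rather than guessing here.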

MITRE ATT&CK Enterprise v15

Tasks