Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0

  • Size

    721KB

  • Sample

    230213-vkrmjaea7t

  • MD5

    d644b2ae949948e540249d8120ec77c9

  • SHA1

    05b2e6163596a1eb2d3328f38eec87db559280b3

  • SHA256

    02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0

  • SHA512

    d9049aeff50c08300da9310540e3d9c24355ff4fdf02303f6faaabfb830d73645ca5aa53719e556d1a913ec406d7e8588a67363c03e467df8782ac2236cbae9a

  • SSDEEP

    12288:gMrAy90BA/IXAWvP+9iGbz8FqjbNeJaSVP/6Sn3Vl9lLdf6X:wygb2MGcvaE3BfU

Malware Config

Extracted

Family

redline

Botnet

dunm

C2

193.233.20.12:4132

Attributes
  • auth_value

    352959e3707029296ec94306d74e2334

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0

    • Size

      721KB

    • MD5

      d644b2ae949948e540249d8120ec77c9

    • SHA1

      05b2e6163596a1eb2d3328f38eec87db559280b3

    • SHA256

      02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0

    • SHA512

      d9049aeff50c08300da9310540e3d9c24355ff4fdf02303f6faaabfb830d73645ca5aa53719e556d1a913ec406d7e8588a67363c03e467df8782ac2236cbae9a

    • SSDEEP

      12288:gMrAy90BA/IXAWvP+9iGbz8FqjbNeJaSVP/6Sn3Vl9lLdf6X:wygb2MGcvaE3BfU

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks