Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ed1bbcfc7e524428eb73a4ee482885304ed8c27b47de57c14ab2cb9d134409ee

  • Size

    857KB

  • Sample

    230303-kaha1agb8v

  • MD5

    a5221f848fc3513b93d189b1b0b8c318

  • SHA1

    db4d01f3c3143b84c72ecfae1d1cb4a2943ea8e0

  • SHA256

    ed1bbcfc7e524428eb73a4ee482885304ed8c27b47de57c14ab2cb9d134409ee

  • SHA512

    9cdfdd592cb582386c93ee7f1f711919258ca0cfbc547b9c14a6bf1b061f21de8fc13cf2f38743a3ea1b988bb4b3956b9c7c6e1386d71076216d64e425358392

  • SSDEEP

    12288:LMrvy90YijVZVUuBhNFNeEYLckEZxup9njrqhUYCIr+qyM0wNmqdqPoAEifYh:wyVijHVUQHeEUemp9jrqhUEjtKoAEl

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes
  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Extracted

Family

amadey

Version

3.68

C2

193.233.20.25/buH5N004d/index.php

Targets

    • Target

      ed1bbcfc7e524428eb73a4ee482885304ed8c27b47de57c14ab2cb9d134409ee

    • Size

      857KB

    • MD5

      a5221f848fc3513b93d189b1b0b8c318

    • SHA1

      db4d01f3c3143b84c72ecfae1d1cb4a2943ea8e0

    • SHA256

      ed1bbcfc7e524428eb73a4ee482885304ed8c27b47de57c14ab2cb9d134409ee

    • SHA512

      9cdfdd592cb582386c93ee7f1f711919258ca0cfbc547b9c14a6bf1b061f21de8fc13cf2f38743a3ea1b988bb4b3956b9c7c6e1386d71076216d64e425358392

    • SSDEEP

      12288:LMrvy90YijVZVUuBhNFNeEYLckEZxup9njrqhUYCIr+qyM0wNmqdqPoAEifYh:wyVijHVUQHeEUemp9jrqhUEjtKoAEl

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks