General

  • Target: fceb3b6d7ea0f7d13e45f8aad5f61490f8ab9b095b1a5872aa370fec58b03715.zip
  • Size: 608KB
  • Sample: 230308-qd8j9abh3y
  • MD5: fbb2fed9d2df3e1f1ca132b58836b4bd
  • SHA1: db6b203fd77e33ab7e9a2963c7042451dcaa2c4d
  • SHA256: 435ff4c85ff299fb4832adebb10776f31020fe71fdb15f9b990fde01345033f2
  • SHA512: 14daf3ec825cdfd2e1001605ddc5f7075d8e22bfffcf46688b6f596e4461a3c48f93790250ed22302ac91d62216273272a9e46c09f0187d9cf8ad915d5cb9192
  • SSDEEP: 12288:cZmJ+qvojhNsYVu8R4t66ss+jEgi9zty+5hToAG8MWiYiWpOyc/3z:cZmJ+bDsYMQ4I6ssOEgw5bFUWG/z

Malware Config

Extracted

  • Family: redline
  • Botnet: garry
  • C2: 193.56.146.11:4173
  • Attributes
    • auth_value: 210ba56bf751fefe327f26e00f0be5a9

Extracted

  • Family: amadey
  • Version: 3.68
  • C2: 193.56.146.218/images/IMG_489440/index.php

Targets

  • Target: fceb3b6d7ea0f7d13e45f8aad5f61490f8ab9b095b1a5872aa370fec58b03715.exe
  • Size: 732KB
  • MD5: 0f63174b0eeb561ed37c14ed4e57e6b8
  • SHA1: 57ccf2c95cba79b2310e858dd55491e8f0265534
  • SHA256: fceb3b6d7ea0f7d13e45f8aad5f61490f8ab9b095b1a5872aa370fec58b03715
  • SHA512: 87fd302f2c51531d41f43bfb2aeadc057bd5781f454bedb02ce3628b16a242e6c210e8ab81958c8b3c145dc4704def2ce6fb2c455f70725fe53a53593ea23884
  • SSDEEP: 12288:Rm6pfk35o48lo+f4fZjgpfoRQZ7DuPpDsTYksCPIKh/yZDRYZiRjuz:7kiVO+bfoRaPuVsTYks+nh/yZDRYZiUz

  • Amadey
    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  • Modifies Windows Defender Real-time Protection settings
  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Checks computer location settings
    Looks up the country code configured in the registry, likely for geofencing.
  • Executes dropped EXE
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and similar secrets.
  • Windows security modification
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Adds Run key to start application
  • Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software installed on the system.
