Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    16fdc2bf9fc0a6c61b0e3a7d35f8d036e03fcf265b4843e535062e3ff3f365e9

  • Size

    1.0MB

  • Sample

    230313-b5fk8aab6y

  • MD5

    ea17d5a0dda43bda78af0ccaf4e023aa

  • SHA1

    a7dab9d034eaf2945af1a339bd37142058a42b41

  • SHA256

    16fdc2bf9fc0a6c61b0e3a7d35f8d036e03fcf265b4843e535062e3ff3f365e9

  • SHA512

    d44c7fa6b12b664d78dca00a6f837ab7b2e112bddc7b5e78af9b1cae754ebccbb1886a1af69228bc044f5686172f06a55602e6a5f73245200fc7ab31851c3f8a

  • SSDEEP

    24576:lMbRJYQ7llq8IjPVOQpe1775ysdJw9ToAmMAo0Qvk:loYQ7SjPECK/5yQJwMMAo0y

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

vina

C2

193.233.20.28:4125

Attributes
  • auth_value

    7e90e85c9cea0965a2bfd23e1cfc6bc8

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

    • Target

      16fdc2bf9fc0a6c61b0e3a7d35f8d036e03fcf265b4843e535062e3ff3f365e9

    • Size

      1.0MB

    • MD5

      ea17d5a0dda43bda78af0ccaf4e023aa

    • SHA1

      a7dab9d034eaf2945af1a339bd37142058a42b41

    • SHA256

      16fdc2bf9fc0a6c61b0e3a7d35f8d036e03fcf265b4843e535062e3ff3f365e9

    • SHA512

      d44c7fa6b12b664d78dca00a6f837ab7b2e112bddc7b5e78af9b1cae754ebccbb1886a1af69228bc044f5686172f06a55602e6a5f73245200fc7ab31851c3f8a

    • SSDEEP

      24576:lMbRJYQ7llq8IjPVOQpe1775ysdJw9ToAmMAo0Qvk:loYQ7SjPECK/5yQJwMMAo0y

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks