General

  • Target

    17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24

  • Size

    1.1MB

  • Sample

    230313-ghfwcsag8z

  • MD5

    93b1e457819e11c880756e683aae1daa

  • SHA1

    be3de3fd83036970c34f5c464c26f2b4558c1018

  • SHA256

    17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24

  • SHA512

    2207dd26f74a52db0777ad42f35eb591e3b60312e0338b1a64f2ee9acc31cfed31bd102542e06dd54b5bbc7ead70f33cf2bf37a18bbb91be50cd7707b6ef47dc

  • SSDEEP

    24576:kIpYjWsLGJzJF0DuVXBs5xo9qTwg/mwiEptybz7rWwNXVdq:1YqhJzJKyVXBs7Tz/b2bz7rWAX

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

vina

C2

193.233.20.28:4125

Attributes
  • auth_value

    7e90e85c9cea0965a2bfd23e1cfc6bc8

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php
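The two families in the extracted config call home differently: RedLine uses a bare IP:port TCP channel (193.233.20.28:4125, shared by the `mango` and `vina` botnets), while Amadey uses an HTTP URL (31.41.244.200/games/category/index.php). The script below, added here as an example and not part of the tria.ge report, turns those indicators into matching logic over Zeek-style `conn` and `http` log lines. The log lines, field order and the `Hit` type are constructed for the example; only the C2 values come from the config above. It distinguishes an exact match from a weaker IP-only or path-only match so a triage analyst can see why each line fired.

```python
"""Match the C2 indicators from the extracted RedLine/Amadey configs against
Zeek-style conn.log and http.log lines.  Added example; the log lines below are
constructed, not real traffic, and the field layout is an assumption."""
from dataclasses import dataclass
from typing import List

# Indicators taken from the Malware Config section of the report.
REDLINE_C2 = ("193.233.20.28", 4125)          # botnets "mango" and "vina" share it
AMADEY_C2_HOST = "31.41.244.200"
AMADEY_C2_URI = "/games/category/index.php"   # Amadey 3.68 check-in path


@dataclass(frozen=True)
class Hit:
    family: str
    confidence: str   # "high" = full indicator matched, "low" = partial match
    line_no: int
    detail: str


# Constructed sample logs (tab-separated): ts, src, sport, dst, dport, proto
CONN_LOG = """\
1678700000.1\t10.0.0.5\t52144\t193.233.20.28\t4125\ttcp
1678700001.2\t10.0.0.5\t52145\t93.184.216.34\t443\ttcp
1678700002.3\t10.0.0.7\t52146\t193.233.20.28\t80\ttcp
"""
# Constructed sample logs (tab-separated): ts, src, host, method, uri
HTTP_LOG = """\
1678700003.4\t10.0.0.5\t31.41.244.200\tPOST\t/games/category/index.php
1678700004.5\t10.0.0.5\t31.41.244.200\tGET\t/favicon.ico
1678700005.6\t10.0.0.9\t203.0.113.9\tPOST\t/games/category/index.php
"""


def scan_conn(log: str = CONN_LOG) -> List[Hit]:
    """RedLine C2 is IP:port over TCP.  Exact ip+port is a high-confidence hit;
    the same IP on another port is still worth a look (operators rotate ports),
    so it is reported at low confidence rather than dropped."""
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        _ts, src, _sport, dst, dport, proto = line.split("\t")
        if proto != "tcp" or dst != REDLINE_C2[0]:
            continue
        conf = "high" if int(dport) == REDLINE_C2[1] else "low"
        hits.append(Hit("redline", conf, n, f"{src} -> {dst}:{dport}"))
    return hits


def scan_http(log: str = HTTP_LOG) -> List[Hit]:
    """Amadey C2 is a URL.  Host and exact path together is high confidence;
    the path alone on another host is low confidence, because the path is a
    generic-looking PHP endpoint that can legitimately exist elsewhere."""
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        _ts, src, host, method, uri = line.split("\t")
        if uri != AMADEY_C2_URI:
            continue
        conf = "high" if host == AMADEY_C2_HOST else "low"
        hits.append(Hit("amadey", conf, n, f"{src} {method} {host}{uri}"))
    return hits


def scan_all() -> List[Hit]:
    return scan_conn() + scan_http()


if __name__ == "__main__":
    for hit in scan_all():
        print(hit)
```

Only the `high` hits justify an alert on their own; the `low` ones are there so a hunt query can pivot on the IP or path without the detection logic silently discarding them.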

Targets

    • Target

      17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24

    • Size

      1.1MB

    • MD5

      93b1e457819e11c880756e683aae1daa

    • SHA1

      be3de3fd83036970c34f5c464c26f2b4558c1018

    • SHA256

      17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24

    • SHA512

      2207dd26f74a52db0777ad42f35eb591e3b60312e0338b1a64f2ee9acc31cfed31bd102542e06dd54b5bbc7ead70f33cf2bf37a18bbb91be50cd7707b6ef47dc

    • SSDEEP

      24576:kIpYjWsLGJzJF0DuVXBs5xo9qTwg/mwiEptybz7rWwNXVdq:1YqhJzJKyVXBs7Tz/b2bz7rWAX

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the payload does not run in excluded regions.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials and other account material.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
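Four of the behaviours above are registry operations: writing a Run key for persistence, enumerating the Uninstall key, reading the configured country code, and changing Defender real-time protection settings. The script below, added here as an example and not tria.ge's own detection code, tags Sysmon-style registry events with those behaviour names and then scores each process by how many distinct behaviours it exhibits, so that a single benign Run-key write does not fire on its own. The event format, the process names and the event lines are constructed for the example. The Run and Uninstall key locations are the standard Windows ones; `Control Panel\International\Geo\Nation` and the Defender `Real-Time Protection` policy key are assumptions about where the reported behaviours would surface, not paths stated in the report.

```python
"""Tag registry events with the behaviours listed in the Targets section and
score processes by how many distinct behaviours they show.  Added example;
events are constructed Sysmon-like records (pid|image|op|target), not data
from the report."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# (behaviour name from the report, key-path pattern, registry ops that count)
# Geo\Nation and the Defender policy key are assumed locations (see lead-in).
BEHAVIOURS = [
    ("Adds Run key to start application",
     re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I), {"SetValue"}),
    ("Checks installed software on the system",
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I), {"QueryValue", "EnumerateKey"}),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I), {"QueryValue"}),
    ("Modifies Windows Defender Real-time Protection settings",
     re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I), {"SetValue"}),
]

# Constructed events: pid|image|operation|registry target
SAMPLE_EVENTS = r"""
4120|C:\Users\user\AppData\Local\Temp\dropped.exe|SetValue|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater
4120|C:\Users\user\AppData\Local\Temp\dropped.exe|EnumerateKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
4120|C:\Users\user\AppData\Local\Temp\dropped.exe|QueryValue|HKU\S-1-5-21-1\Control Panel\International\Geo\Nation
4120|C:\Users\user\AppData\Local\Temp\dropped.exe|SetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
5012|C:\Program Files\Microsoft OneDrive\OneDrive.exe|SetValue|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive
1844|C:\Windows\explorer.exe|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
""".strip()


def classify(op: str, target: str) -> Optional[str]:
    """Return the behaviour name an (operation, key path) pair maps to, or None."""
    for name, pattern, ops in BEHAVIOURS:
        if op in ops and pattern.search(target):
            return name
    return None


def scan(events: str = SAMPLE_EVENTS) -> Dict[str, Set[str]]:
    """Map each process image to the set of distinct behaviours it triggered."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for line in events.splitlines():
        _pid, image, op, target = line.split("|")
        name = classify(op, target)
        if name:
            seen[image].add(name)
    return dict(seen)


def suspicious(events: str = SAMPLE_EVENTS, min_behaviours: int = 2) -> List[str]:
    """Processes showing at least `min_behaviours` distinct behaviours.  A lone
    Run-key write (OneDrive here) or a lone Uninstall read (explorer) stays quiet;
    the dropped sample, which does all four, is reported."""
    return sorted(img for img, names in scan(events).items()
                  if len(names) >= min_behaviours)


if __name__ == "__main__":
    for image, names in scan().items():
        print(image, sorted(names))
    print("suspicious:", suspicious())
```

The threshold is the important design choice: each of these registry operations is common in legitimate software, and it is the combination within one process (persistence plus software enumeration plus geolocation check plus Defender tampering) that matches the infostealer profile described in the report.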

MITRE ATT&CK Enterprise v6

Tasks