General

  • Target: 526ff1b5dc4f76044ee1ca30d284e017.exe
  • Size: 1.2MB
  • Sample: 230319-jjpk1afe33
  • MD5: 526ff1b5dc4f76044ee1ca30d284e017
  • SHA1: 92630a6c1189d225fee0f3d70e0d0d63ced8e1d4
  • SHA256: e206c8c21d0dbf196ff2bfb667bd554168b1b52ebd8e3e4e70590e080bdb3ac5
  • SHA512: 76bd346932837c04c6fba11fbdcbc74c01da53c64a90accc3fe5eaec44ca47153f078bf4817d378b74b1eabc398da612293eebceccb2d39c95a1edefaef4ff0a
  • SSDEEP: 24576:q1F4VX4ZsIETa80JWFst9LqGfEBz9terTMH9MbMx9upUenl6O:q1FWWbETahMszqGfu0rYHqbMxQpPl

Malware Config

Extracted
  • Family: redline
  • Botnet: gena
  • C2: 193.233.20.30:4125
  • Attributes
    • auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted
  • Family: redline
  • Botnet: relon
  • C2: 193.233.20.30:4125
  • Attributes
    • auth_value: 17da69809725577b595e217ba006b869

Extracted
  • Family: amadey
  • Version: 3.68
  • C2: 31.41.244.200/games/category/index.php

Targets

    • Amadey
      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks
