Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7d12a2749e8a32ea4dcc964fbd670381112d818c01d6344f557e5c1f1c4597d7

  • Size

    1.0MB

  • Sample

    230320-ncc1vadb65

  • MD5

    ca80f81a826c6e89259a2b981d9fdf8e

  • SHA1

    e8afcd14bb35c4cd1d721a18b04044acd1f2169b

  • SHA256

    7d12a2749e8a32ea4dcc964fbd670381112d818c01d6344f557e5c1f1c4597d7

  • SHA512

    75d0d246bc47b7da1f722e1545181b3b2e8d3ba2e2ef2b084c9cd3e82460e8920b87dfe69918625ed36f74a322b97599ee6124e8aaa7c909dd1dcdb87702f1ce

  • SSDEEP

    12288:tlUT0neMygxKksmovGPareayCvk333WGuceR2YoSVr6zY4okm4SBOQcoD44nDFM9:qdgx1ej3yCc+3AYoSQwlri1jX

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Extracted

Family

redline

Botnet

relon

C2

193.233.20.30:4125

Attributes
  • auth_value

    17da69809725577b595e217ba006b869

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

    • Target

      7d12a2749e8a32ea4dcc964fbd670381112d818c01d6344f557e5c1f1c4597d7

    • Size

      1.0MB

    • MD5

      ca80f81a826c6e89259a2b981d9fdf8e

    • SHA1

      e8afcd14bb35c4cd1d721a18b04044acd1f2169b

    • SHA256

      7d12a2749e8a32ea4dcc964fbd670381112d818c01d6344f557e5c1f1c4597d7

    • SHA512

      75d0d246bc47b7da1f722e1545181b3b2e8d3ba2e2ef2b084c9cd3e82460e8920b87dfe69918625ed36f74a322b97599ee6124e8aaa7c909dd1dcdb87702f1ce

    • SSDEEP

      12288:tlUT0neMygxKksmovGPareayCvk333WGuceR2YoSVr6zY4okm4SBOQcoD44nDFM9:qdgx1ej3yCc+3AYoSQwlri1jX

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.