Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

fb0fa6d37a...c9.exe

windows7-x64

10

fb0fa6d37a...c9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb0fa6d37a6f1fa1d7643bc8cfde5cc9

  • Size

    730KB

  • Sample

    230321-ghctpsgh89

  • MD5

    fb0fa6d37a6f1fa1d7643bc8cfde5cc9

  • SHA1

    b84458e32dbad5a210225f2bab91043632053515

  • SHA256

    3e9f80572c387f795a42a40bf120921706926aea28c7b81a49f86ecacb63a612

  • SHA512

    39ba2f5d07395ae1598768d358f77e95f4b2148e3303d5bce489ab018d1e5cc8552f9d97ef0af720996c811d17530f124ac7a6ddbc7547c93b7eb76e3e027886

  • SSDEEP

    12288:NMrmy90Yw9DIQ5ocH0GCF9XeUs898OfwlpbJvgmyzM9qWohYlirZjQ1rAo:PyFmBucHdCF9Xk89RfSIto9ChYGTo

Score
10/10
amadeyredlinedunmgenarukadiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Extracted

Family

redline

Botnet

dunm

C2

193.233.20.12:4132

Attributes
  • auth_value

    352959e3707029296ec94306d74e2334

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Extracted

Family

redline

Botnet

ruka

C2

193.233.20.28:4125

Attributes
  • auth_value

    5d1d0e51ebe1e3f16cca573ff651c43c

Targets

    • Target

      fb0fa6d37a6f1fa1d7643bc8cfde5cc9

    • Size

      730KB

    • MD5

      fb0fa6d37a6f1fa1d7643bc8cfde5cc9

    • SHA1

      b84458e32dbad5a210225f2bab91043632053515

    • SHA256

      3e9f80572c387f795a42a40bf120921706926aea28c7b81a49f86ecacb63a612

    • SHA512

      39ba2f5d07395ae1598768d358f77e95f4b2148e3303d5bce489ab018d1e5cc8552f9d97ef0af720996c811d17530f124ac7a6ddbc7547c93b7eb76e3e027886

    • SSDEEP

      12288:NMrmy90Yw9DIQ5ocH0GCF9XeUs898OfwlpbJvgmyzM9qWohYlirZjQ1rAo:PyFmBucHdCF9Xk89RfSIto9ChYGTo

    Score
    10/10
    amadeyredlinedunmgenarukadiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks