General

  • Target

    10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371

  • Size

    1024KB

  • Sample

    230323-h7tzysec22

  • MD5

    2c3e70c44e496f494d7f9b8fe9f10afd

  • SHA1

    f3765c731eca77c16a5f6349e34b6153b6befee2

  • SHA256

    10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371

  • SHA512

    3608e72d5dff2f6cfbd70faf7c13008c8c47696ab0d06c4eb6d6585bf65aaac2f17c10078c1626db38b946791d9c26a70b41a936d8161d01acd642379f361b24

  • SSDEEP

    12288:aMrjy90RlaMtvTJ/CNWqzc0xcGpxh3L4hbvzlj3iMaaxduFzAa0KJ5pOJ+iqIP0D:ly0w1WChLGbxjnjuRAa0KaCIP0Mkj

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Extracted

Family

redline

Botnet

trap

C2

193.233.20.30:4125

Attributes
  • auth_value

    b39a737e2e9eba88e48ab88d1061be9c

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

    • Target

      10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371

    • Size

      1024KB

    • MD5

      2c3e70c44e496f494d7f9b8fe9f10afd

    • SHA1

      f3765c731eca77c16a5f6349e34b6153b6befee2

    • SHA256

      10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371

    • SHA512

      3608e72d5dff2f6cfbd70faf7c13008c8c47696ab0d06c4eb6d6585bf65aaac2f17c10078c1626db38b946791d9c26a70b41a936d8161d01acd642379f361b24

    • SSDEEP

      12288:aMrjy90RlaMtvTJ/CNWqzc0xcGpxh3L4hbvzlj3iMaaxduFzAa0KJ5pOJ+iqIP0D:ly0w1WChLGbxjnjuRAa0KaCIP0Mkj

    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information about the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.
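One way to turn the extracted configs and the flagged behaviours above into host and network detections, as an added example that is not part of the tria.ge report and not code from either malware family. The C2 endpoints are the values listed in Malware Config; the Sysmon-style events and proxy URLs are constructed for the example, and the registry paths used for the Run-key and Defender real-time-protection checks are assumptions about where such signatures typically fire, not paths the report shows.

```python
"""Match the IOCs and behaviours from the tria.ge report against telemetry.

Added example, not part of the report and not code from either malware
family. C2 endpoints are the values the report's Malware Config section
lists; every log record below is constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# RedLine C2 endpoints (ip, port) -> botnet label, from the report.
REDLINE_C2: Dict[Tuple[str, int], str] = {
    ("193.233.20.31", 4125): "redline/down",
    ("193.233.20.30", 4125): "redline/trap",
}
# Amadey 3.68 C2, from the report (listed without a scheme; HTTP is assumed).
AMADEY_C2_HOST = "31.41.244.200"
AMADEY_C2_PATH = "/games/category/index.php"

# Registry paths behind the "Adds Run key" and "Modifies Windows Defender
# Real-time Protection settings" signatures. These are assumptions about
# where such signatures typically key, not paths taken from the report.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableIOAVProtection|DisableOnAccessProtection)$",
    re.I,
)


@dataclass(frozen=True)
class Hit:
    rule: str      # which report behaviour / IOC matched
    family: str    # malware family, or "-" when the rule is behavioural
    detail: str    # the matching field, for the analyst


def match_event(ev: dict) -> List[Hit]:
    """Evaluate one Sysmon-style event (dict of field -> value)."""
    hits: List[Hit] = []
    eid = ev.get("EventID")
    if eid == 3:  # network connection
        key = (ev.get("DestinationIp", ""), int(ev.get("DestinationPort", 0)))
        if key in REDLINE_C2:
            hits.append(Hit("c2_connect", REDLINE_C2[key], "%s:%d" % key))
        elif key[0] == AMADEY_C2_HOST:
            # Sysmon sees only the TCP connect; the URI path needs proxy data.
            hits.append(Hit("c2_connect", "amadey 3.68", "%s:%d" % key))
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        details = str(ev.get("Details", ""))
        if RUN_KEY_RE.search(target):
            hits.append(Hit("run_key_persistence", "-", "%s = %s" % (target, details)))
        m = DEFENDER_RTP_RE.search(target)
        if m and details.endswith("(0x00000001)"):  # DWORD 1 = protection disabled
            hits.append(Hit("defender_rtp_disabled", "-", m.group(1)))
    # The geofence and Uninstall-key lookups the report flags are registry
    # reads; Sysmon does not log those, so they are left to the sandbox.
    return hits


def match_url(url: str) -> Optional[Hit]:
    """Evaluate one requested URL (e.g. from a web-proxy log) against Amadey's C2."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if parts.hostname == AMADEY_C2_HOST and parts.path == AMADEY_C2_PATH:
        return Hit("c2_http", "amadey 3.68", url)
    return None


def scan(events: List[dict]) -> List[Hit]:
    return [h for ev in events for h in match_event(ev)]


# Constructed telemetry for the example (not real captures).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\u\AppData\Local\Temp\a.exe",
     "DestinationIp": "193.233.20.31", "DestinationPort": 4125},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
    {"EventID": 3, "Image": r"C:\Users\u\AppData\Local\Temp\b.exe",
     "DestinationIp": "31.41.244.200", "DestinationPort": 80},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\b",
     "Details": r"C:\Users\u\AppData\Local\Temp\b.exe"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},  # value reset to 0: not a disable
]
SAMPLE_URLS = ["http://31.41.244.200/games/category/index.php",
               "http://31.41.244.200/games/", "http://example.com/index.php"]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS) + [h for h in map(match_url, SAMPLE_URLS) if h]:
        print(f"{h.rule:24} {h.family:16} {h.detail}")
```

The network rule keys on the exact ip:port pair for RedLine, because the two botnets share a port and differ only by address, while the Amadey rule has to fall back to the host alone at the Sysmon layer and only confirms the full URI when proxy records are available. The Defender rule requires the value to be set to 1 so that a later reset to 0 does not count as tampering.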

MITRE ATT&CK Enterprise v6

Tasks
