
General

  • Target: 4ae7d1e138e3af5e4e3be6f5788c6ed954cbb5b805dc297a3f9794b8b81343fb
  • Size: 1.0MB
  • Sample: 230326-qcycwsgf26
  • MD5: 4367865588c556fd0828f88ac2c458d9
  • SHA1: a592b0d12bab13e843be70a3cfad2549d38d81fa
  • SHA256: 4ae7d1e138e3af5e4e3be6f5788c6ed954cbb5b805dc297a3f9794b8b81343fb
  • SHA512: 30daec8f32d0acce735ccd0106bdb926585ba13baef5a4031803e55a55c843fa9b45d83acdc1cbc7c322932fe8ff52d427c0b048cb8f3f1a5c3f27a2bc13794d
  • SSDEEP: 24576:FyrHHLHRXwz2fNp9S2xHjvYVpZOn/3R63:gzLxXQkDUygVpZQR6

Malware Config

Extracted
  • Family: redline
  • Botnet: boris
  • C2: 193.233.20.32:4125
  • Attributes
      • auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted
  • Family: redline
  • Botnet: braza
  • C2: 193.233.20.32:4125
  • Attributes
      • auth_value: ebe61b54deeef75cf8466416c0857088

Extracted
  • Family: amadey
  • Version: 3.68
  • C2: 31.41.244.200/games/category/index.php

Extracted
  • Family: redline
  • Botnet: dogma
  • C2: 193.233.20.32:4125
  • Attributes
      • auth_value: 1b692976ca991040f2e8890409c35142
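The three RedLine configs share a single C2 socket (193.233.20.32:4125) and differ only in botnet name and auth_value, while the Amadey config points at an HTTP path on 31.41.244.200 with no port given. The Python below is an added example, not part of the tria.ge report or its tooling: it normalises those C2 strings to host/port/path, groups them per endpoint so a shared socket is reported once with all its botnets, emits Suricata rules for them, and runs the resulting IOCs over proxy-style log lines. The log format (timestamp, src, dst, dport, proto, URI), the sample lines and the sid range are assumptions constructed for the example; only the config values come from the report.

```python
"""Turn the extracted RedLine/Amadey configs into network IOCs, Suricata
rules and log matches. Added example; the log lines are constructed."""
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "boris", "c2": "193.233.20.32:4125",
     "auth_value": "766b5bdf6dbefcf7ca223351952fc38f"},
    {"family": "redline", "botnet": "braza", "c2": "193.233.20.32:4125",
     "auth_value": "ebe61b54deeef75cf8466416c0857088"},
    {"family": "amadey", "version": "3.68",
     "c2": "31.41.244.200/games/category/index.php"},
    {"family": "redline", "botnet": "dogma", "c2": "193.233.20.32:4125",
     "auth_value": "1b692976ca991040f2e8890409c35142"},
]

# Constructed proxy/netflow-style lines (assumed format):
# timestamp src dst dport proto uri
SAMPLE_LOGS = """\
2023-03-26T10:01:02Z 10.0.0.15 193.233.20.32 4125 TCP -
2023-03-26T10:01:05Z 10.0.0.15 31.41.244.200 80 HTTP /games/category/index.php
2023-03-26T10:02:11Z 10.0.0.22 142.250.74.46 443 HTTPS /
2023-03-26T10:03:40Z 10.0.0.31 31.41.244.200 80 HTTP /favicon.ico
""".splitlines()


def parse_c2(c2: str) -> tuple:
    """Normalise a C2 string to (host, port, path).

    RedLine reports a bare host:port (raw TCP); Amadey reports an HTTP path
    with no scheme or port, so the port defaults to 80 and the path is kept.
    """
    if "://" not in c2:
        c2 = "//" + c2  # make urlsplit treat the leading part as netloc
    parts = urlsplit(c2)
    return parts.hostname or "", parts.port or 80, parts.path or "/"


def network_iocs(configs):
    """Group configs by (host, port, path) -> list of family/botnet labels.

    Several botnets can sit behind one socket (here three RedLine botnets
    on 193.233.20.32:4125), so the endpoint is the unit of detection.
    """
    iocs = {}
    for cfg in configs:
        if "botnet" in cfg:
            label = f"{cfg['family']}/{cfg['botnet']}"
        else:
            label = f"{cfg['family']} {cfg.get('version', '?')}"
        iocs.setdefault(parse_c2(cfg["c2"]), []).append(label)
    return iocs


def suricata_rules(iocs, base_sid=9000001):
    """Emit one Suricata rule per endpoint (sids chosen in local-use range)."""
    rules = []
    for sid, ((host, port, path), labels) in enumerate(sorted(iocs.items()),
                                                        start=base_sid):
        msg = "MALWARE C2 " + ", ".join(labels)
        if path != "/":
            rules.append(f'alert http $HOME_NET any -> {host} {port} '
                         f'(msg:"{msg}"; http.uri; content:"{path}"; '
                         f'sid:{sid}; rev:1;)')
        else:
            rules.append(f'alert tcp $HOME_NET any -> {host} {port} '
                         f'(msg:"{msg}"; flow:to_server,established; '
                         f'sid:{sid}; rev:1;)')
    return rules


def match_log_lines(lines, iocs):
    """Flag lines whose destination host:port is a known C2 endpoint.

    Matching is on host:port only; whether the URI also matched is recorded
    separately, so a different path to the same server is still surfaced.
    """
    hits = []
    for line in lines:
        ts, src, dst, dport, _proto, uri = line.split(maxsplit=5)
        for (host, port, path), labels in iocs.items():
            if (dst, int(dport)) == (host, port):
                hits.append({"ts": ts, "src": src, "dst": f"{dst}:{dport}",
                             "labels": labels,
                             "path_match": path == "/" or uri == path})
    return hits


if __name__ == "__main__":
    iocs = network_iocs(EXTRACTED_CONFIGS)
    for rule in suricata_rules(iocs):
        print(rule)
    for hit in match_log_lines(SAMPLE_LOGS, iocs):
        print(hit)
```

Run as a script it prints the two rules and the three matching lines; the favicon request to the Amadey host is flagged with path_match False, which is the case worth keeping visible rather than silently dropping.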

Targets

    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Downloads MZ/PE file
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
