General

  • Target

    2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f

  • Size

    1.0MB

  • Sample

    230327-jlm5yscd23

  • MD5

    8518c3a296e03f87907f1c1aabbad258

  • SHA1

    d20d97c7cc0393998da224b3d7e8db2777bc7343

  • SHA256

    2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f

  • SHA512

    11a003735dd4d295ca5b60e44715a7c2a2b9f8e1edbd0b7563d4b02f350e8228a6c023461199c97b52d350b31241d7dd9856303aae02ba128fa11b0b3f72cd08

  • SSDEEP

    24576:+y9Wgq1YGXtGr8l+MzmmiUjfvDdKnAP3hEA3UjQ9QdKBmT9rKo9e/ir:N9XEYow84MEMBKn4ajpdKBS0/i

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

fort

C2

193.233.20.33:4125

Attributes

  • auth_value

    5ea5673154a804d8c80f565f7276f720

Extracted

Family

amadey

Version

3.68

C2

62.204.41.87/joomla/index.php

Targets

    • Target

      2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f

    • Size

      1.0MB

    • MD5

      8518c3a296e03f87907f1c1aabbad258

    • SHA1

      d20d97c7cc0393998da224b3d7e8db2777bc7343

    • SHA256

      2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f

    • SHA512

      11a003735dd4d295ca5b60e44715a7c2a2b9f8e1edbd0b7563d4b02f350e8228a6c023461199c97b52d350b31241d7dd9856303aae02ba128fa11b0b3f72cd08

    • SSDEEP

      24576:+y9Wgq1YGXtGr8l+MzmmiUjfvDdKnAP3hEA3UjQ9QdKBmT9rKo9e/ir:N9XEYow84MEMBKn4ajpdKBS0/i

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks