Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
999KB
-
Sample
230328-ct5lmsad3s
-
MD5
78ae27444c03120c73fc7bf440cbc021
-
SHA1
019479e7c7670d854f6451bd0355e78b9fcccc88
-
SHA256
6014488119cdc6060f292afdae706782323e1ea0b5f44ee089eef3fc7871aab9
-
SHA512
232dde2872e679e02c5d3769ecec249b739ca8c1a44537b309ead82608a82b0885c020073b77b1e1e7f96d36f3d859c4b5912e81a862c52b90ab2c81e7d5e462
-
SSDEEP
24576:yy2CqPBJiMdPX/akb9AO+x+3mJFPhTag95pvF1aX5ZvV:ZYPDimP/acW+3mdpvpvF1QZv
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
renta
176.113.115.145:4125
-
auth_value
359596fd5b36e9925ade4d9a1846bafb
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
file.exe
-
Size
999KB
-
MD5
78ae27444c03120c73fc7bf440cbc021
-
SHA1
019479e7c7670d854f6451bd0355e78b9fcccc88
-
SHA256
6014488119cdc6060f292afdae706782323e1ea0b5f44ee089eef3fc7871aab9
-
SHA512
232dde2872e679e02c5d3769ecec249b739ca8c1a44537b309ead82608a82b0885c020073b77b1e1e7f96d36f3d859c4b5912e81a862c52b90ab2c81e7d5e462
-
SSDEEP
24576:yy2CqPBJiMdPX/akb9AO+x+3mJFPhTag95pvF1aX5ZvV:ZYPDimP/acW+3mdpvpvF1QZv
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-