Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    540acb6012a8c4bb69aeb88a36ae4a2fa721e357e09a60209eb5c761551b56e7

  • Size

    989KB

  • Sample

    230330-rt3vdada72

  • MD5

    094fffc08fdddec552be693e72c8a30b

  • SHA1

    d6804436a13dff3bb98a216da2c34c638187effe

  • SHA256

    540acb6012a8c4bb69aeb88a36ae4a2fa721e357e09a60209eb5c761551b56e7

  • SHA512

    cc2374fcac4ae6735459e47b3bc092abe867d7a396f1f9dd94d853b88961c00b4cbe37388d6374c10a853c217dacdf99e2c58b7a92e21781ee6daf09fe5c0702

  • SSDEEP

    24576:byFpGwUDej8uMPkqNrQyZzECe132CHdkEHRjUWK3KA:OCwUiDMkCZV5e9B9FUWK3K

Score
10/10
amadeyredlinelinorosndiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

lino

C2

176.113.115.145:4125

Attributes
  • auth_value

    ac19251c9237676a0dd7d46d3f536e96

Extracted

Family

amadey

Version

3.69

C2

193.233.20.36/joomla/index.php

Targets

    • Target

      540acb6012a8c4bb69aeb88a36ae4a2fa721e357e09a60209eb5c761551b56e7

    • Size

      989KB

    • MD5

      094fffc08fdddec552be693e72c8a30b

    • SHA1

      d6804436a13dff3bb98a216da2c34c638187effe

    • SHA256

      540acb6012a8c4bb69aeb88a36ae4a2fa721e357e09a60209eb5c761551b56e7

    • SHA512

      cc2374fcac4ae6735459e47b3bc092abe867d7a396f1f9dd94d853b88961c00b4cbe37388d6374c10a853c217dacdf99e2c58b7a92e21781ee6daf09fe5c0702

    • SSDEEP

      24576:byFpGwUDej8uMPkqNrQyZzECe132CHdkEHRjUWK3KA:OCwUiDMkCZV5e9B9FUWK3K

    Score
    10/10
    amadeyredlinelinorosndiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.