Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1678537c1f5bea0056729c2284d8006d9b80980632afb7cdcd0b40fe6add64f0

  • Size

    985KB

  • Sample

    230331-dpyg7shg6y

  • MD5

    9143e5a56ee77f5d474ae1c221b8b7f3

  • SHA1

    169af853626db05a8052ef620219e6fef261e4e7

  • SHA256

    1678537c1f5bea0056729c2284d8006d9b80980632afb7cdcd0b40fe6add64f0

  • SHA512

    15eaf3195d6834c2533ebd9b7c8b8c06c7a278fa3947c77b91da33ee61ae2363562a9bfa0a0f8ab05c2cf53dce16f71429d1df1cf5d2bde8ec3736699bbf605c

  • SSDEEP

    24576:yyNYNIQuxA4clmp2YZRnJP2qsyFX9eg6frtBZ2Ag/M36n9:ZiNKqsp2YZxJ2qsyTwfrtD36

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

liba

C2

176.113.115.145:4125

Attributes
  • auth_value

    1a62e130767ad862d1fb9d7ab0115025

Extracted

Family

amadey

Version

3.69

C2

193.233.20.36/joomla/index.php

Targets

    • Target

      1678537c1f5bea0056729c2284d8006d9b80980632afb7cdcd0b40fe6add64f0

    • Size

      985KB

    • MD5

      9143e5a56ee77f5d474ae1c221b8b7f3

    • SHA1

      169af853626db05a8052ef620219e6fef261e4e7

    • SHA256

      1678537c1f5bea0056729c2284d8006d9b80980632afb7cdcd0b40fe6add64f0

    • SHA512

      15eaf3195d6834c2533ebd9b7c8b8c06c7a278fa3947c77b91da33ee61ae2363562a9bfa0a0f8ab05c2cf53dce16f71429d1df1cf5d2bde8ec3736699bbf605c

    • SSDEEP

      24576:yyNYNIQuxA4clmp2YZRnJP2qsyFX9eg6frtBZ2Ag/M36n9:ZiNKqsp2YZxJ2qsyTwfrtD36

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks