General

  • Target: 389a506f40730ae285d64923f6f17d7156394e8686f439e129fcc2804601b6b9
  • Size: 790KB
  • Sample: 230411-ac1j9ahc99
  • MD5: da37f186b3d62af126f8b988eef511bf
  • SHA1: 06892698c152f320e9f2be51aefd4434da9144d7
  • SHA256: 389a506f40730ae285d64923f6f17d7156394e8686f439e129fcc2804601b6b9
  • SHA512: 52317b50a337110a2039a913db3feb42ea400579be89b974b08f8ca684913b0efd48f5e99c1642f23c8a9d2a20eebe3a0c960e3fad441c20979d193eca136a93
  • SSDEEP: 12288:3MrPy90uwIE/4FfchZJYTRpxvg+ifEmgLUt41dOY5b5vCABY85Vsa/WJ:wySF61bx49ElQ41d55Z+9yWJ

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family: redline
  • Botnet: nahui
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: b9ed10946d21e28d58d0c72c535cde6f

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6