General

  • Target: 69a2007dfed72416f31dd04a1d9c0f1a5e2eee22161450344675ec8a2b57390a
  • Size: 927KB
  • Sample: 230411-hzyceabb24
  • MD5: 25195ac3dbd25a23e2c0b8cdbd885ec5
  • SHA1: db464ef131c0d0d234b16941afb014707b4e5cd2
  • SHA256: 69a2007dfed72416f31dd04a1d9c0f1a5e2eee22161450344675ec8a2b57390a
  • SHA512: eaddc0b9a7441cdd82d56456e62b654fce0e84b3e1110cc70bbd3d0a4ba6655da1e75e615445d9fb35119563bd802c25281cbcc0d674d959f03094daf5a3c1cf
  • SSDEEP: 12288:SMrLy90zlr0YcjhBAfyykh66ntl+C4gMrC3eg+QDw5y6w4Gz/sQdYebZQ5:FyWlr0Y+AfI7tAC49K+n4vLxbZQ5

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family: redline
  • Botnet: nahui
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: b9ed10946d21e28d58d0c72c535cde6f

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
