Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    609efa5ef08cc2e390cbd589ed63ccf0b99014865606c8bea45adc40a02387d6

  • Size

    853KB

  • Sample

    230411-y4vp3sgg3w

  • MD5

    ae714e6b9285c0ec145fc5e212055cbc

  • SHA1

    2216305509ec6f1b6cd61dcc935de1ffd19daf21

  • SHA256

    609efa5ef08cc2e390cbd589ed63ccf0b99014865606c8bea45adc40a02387d6

  • SHA512

    5c6b7d4221f864fe853ed07d7c60d53b3b7ac7fe81d5ac00140fc31e0fd1b68b74b5c8a81091a4518e6d8f02ffc3ac156947e37ba45cda6dd7328947e3436629

  • SSDEEP

    12288:XMrgy90qRP5F3wEQ6jqMzotweJp7lweSxKEj8/c8czA+epw45+pbLRwgIr1sNpj5:nyhBEKqemJQeyj8/c88T/M+pJ01uws

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diza

C2

185.161.248.90:4125

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Targets

    • Target

      609efa5ef08cc2e390cbd589ed63ccf0b99014865606c8bea45adc40a02387d6

    • Size

      853KB

    • MD5

      ae714e6b9285c0ec145fc5e212055cbc

    • SHA1

      2216305509ec6f1b6cd61dcc935de1ffd19daf21

    • SHA256

      609efa5ef08cc2e390cbd589ed63ccf0b99014865606c8bea45adc40a02387d6

    • SHA512

      5c6b7d4221f864fe853ed07d7c60d53b3b7ac7fe81d5ac00140fc31e0fd1b68b74b5c8a81091a4518e6d8f02ffc3ac156947e37ba45cda6dd7328947e3436629

    • SSDEEP

      12288:XMrgy90qRP5F3wEQ6jqMzotweJp7lweSxKEj8/c8czA+epw45+pbLRwgIr1sNpj5:nyhBEKqemJQeyj8/c88T/M+pJ01uws

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks