Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8e05c113261bfd579bd2db13cdc4e666ea3378aa4d35a3d15561bf8ff334fba0

  • Size

    896KB

  • Sample

    230412-ftm85saa87

  • MD5

    93e28357a1312fcee10f6168ac45e31d

  • SHA1

    f16378652bb5a4d906cc5e9a451484136a61da91

  • SHA256

    8e05c113261bfd579bd2db13cdc4e666ea3378aa4d35a3d15561bf8ff334fba0

  • SHA512

    540be4f0ffd8fa98fa3d76074d786d6d7097f1068d1bf6a0b684b6ed55d1197e09a54f62d601f89e1bbecc6d4b98364af2f436d67f7c843a16752d180b7b1f78

  • SSDEEP

    24576:GyzKtw69eGyS7KTuqOnZsBprjRzbAC/HnX1/:VzKnOTfUZ4rjRz8C/HX

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diza

C2

185.161.248.90:4125

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Targets

    • Target

      8e05c113261bfd579bd2db13cdc4e666ea3378aa4d35a3d15561bf8ff334fba0

    • Size

      896KB

    • MD5

      93e28357a1312fcee10f6168ac45e31d

    • SHA1

      f16378652bb5a4d906cc5e9a451484136a61da91

    • SHA256

      8e05c113261bfd579bd2db13cdc4e666ea3378aa4d35a3d15561bf8ff334fba0

    • SHA512

      540be4f0ffd8fa98fa3d76074d786d6d7097f1068d1bf6a0b684b6ed55d1197e09a54f62d601f89e1bbecc6d4b98364af2f436d67f7c843a16752d180b7b1f78

    • SSDEEP

      24576:GyzKtw69eGyS7KTuqOnZsBprjRzbAC/HnX1/:VzKnOTfUZ4rjRz8C/HX

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks