General

  • Target

    a4bf7a95e3f1787cb97a04d85f4d75cfc9c020636c945f21596d336b23fee072

  • Size

    1.5MB

  • Sample

    230412-gk6vkaac64

  • MD5

    0b619106857112717d4c6fd555c01468

  • SHA1

    fe6b6274db0ec5d83213eb1ffc80b14f70e4a42c

  • SHA256

    a4bf7a95e3f1787cb97a04d85f4d75cfc9c020636c945f21596d336b23fee072

  • SHA512

    ae0d34fb5d846ef37d2e0aef31bc881fc7ca88000644e4c8dcc1fcace8b24c8c9bcde8c2b8fde7a9062686e9e9436ee73d60d87288687d71b0f9fcf8b08cc963

  • SSDEEP

    24576:Ry/ZAgwCsJd63mxOsjaSGg95Xoob1yZYO6w4h5L8KlWiGAXTGFe:EhAgwL62xOsjXGE5Xoob0WOoh5LfFGuS

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Extracted

Family

redline

Botnet

maxi

C2

185.161.248.90:4125

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a
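The three extracted configs give concrete network indicators: both RedLine builds (botnets "lada" and "maxi") report to the same host and port over a raw TCP channel, while Amadey 3.70 beacons to an HTTP path on a second host. The following is an added Python example, not part of this report or of tria.ge, that turns those values and the file hashes into a matcher and runs it over constructed log lines; the flat log format, the source IPs, the timestamps and the HTTP methods are assumptions.

```python
"""Turn the indicators from the extracted configs above into a matcher.

Added example for this report; the log format and the log lines below are
constructed, not sandbox output.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Indicators taken from the report. Both RedLine configs (botnets "lada" and
# "maxi") use the same C2 socket; Amadey 3.70 beacons to an HTTP path.
REDLINE_C2 = {("185.161.248.90", 4125)}
AMADEY_C2 = {("193.201.9.43", "/plays/chapter/index.php")}
SAMPLE_HASHES = {
    "md5": "0b619106857112717d4c6fd555c01468",
    "sha1": "fe6b6274db0ec5d83213eb1ffc80b14f70e4a42c",
    "sha256": "a4bf7a95e3f1787cb97a04d85f4d75cfc9c020636c945f21596d336b23fee072",
    "sha512": "ae0d34fb5d846ef37d2e0aef31bc881fc7ca88000644e4c8dcc1fcace8b24c8c"
              "9bcde8c2b8fde7a9062686e9e9436ee73d60d87288687d71b0f9fcf8b08cc963",
}

# Constructed log lines in an assumed flat format:
#   "<timestamp> <src_ip> -> <dst_ip>:<dst_port> [<method> <path>]"
SAMPLE_LOGS = [
    "2023-04-12T06:41:02Z 10.0.0.15 -> 185.161.248.90:4125",
    "2023-04-12T06:41:05Z 10.0.0.15 -> 193.201.9.43:80 POST /plays/chapter/index.php",
    "2023-04-12T06:42:10Z 10.0.0.22 -> 142.250.74.46:443 GET /",
    "2023-04-12T06:43:00Z 10.0.0.15 -> 193.201.9.43:80 GET /plays/chapter/other.php",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<method>[A-Z]+) (?P<path>\S+))?$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    family: str
    reason: str


def match_line(line: str) -> Optional[Hit]:
    """Return a Hit if the line talks to one of the extracted C2s, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    dst, port = m["dst"], int(m["port"])
    if (dst, port) in REDLINE_C2:
        # RedLine uses a raw TCP channel, so host:port is the whole indicator.
        return Hit(m["ts"], m["src"], "redline", f"tcp {dst}:{port}")
    path = m["path"]
    if path and (dst, path) in AMADEY_C2:
        # Amadey's indicator is host + path; other paths on the same host are
        # deliberately not matched, to keep the rule precise.
        return Hit(m["ts"], m["src"], "amadey", f"http {dst}{path}")
    return None


def scan(lines: List[str]) -> List[Hit]:
    """All C2 hits in a batch of log lines, in input order."""
    return [h for h in map(match_line, lines) if h is not None]


def hash_matches(data: bytes) -> Set[str]:
    """Names of the report's hashes that the given bytes reproduce."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return {name for name, value in digests.items() if SAMPLE_HASHES[name] == value}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

The RedLine rule keys on the socket alone because the protocol is not HTTP; the Amadey rule requires the exact path so that unrelated traffic to the same host is not flagged, which matters when a C2 sits on shared hosting.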

Targets

    • Target

      a4bf7a95e3f1787cb97a04d85f4d75cfc9c020636c945f21596d336b23fee072

    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information about the infected host and to load further payloads.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
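Taken one at a time, several of the signatures above are weak (a legitimate installer also enumerates the Uninstall key, and plenty of software reads the configured region); together they describe a stealer establishing persistence, blinding Defender, fingerprinting the host and raiding browser profiles. As an added Python example, not part of this report or of tria.ge's own detection logic, the following maps constructed endpoint events onto those signature names and flags a process only when several co-occur. The record format, process IDs and image paths are assumptions, and the registry and file paths are the usual ones for these behaviours rather than values taken from this sample.

```python
"""Score processes against the behaviours flagged in the report.

Added example; the events below are constructed, Sysmon-style records, and
the registry/file paths are the usual ones for these behaviours (assumed).
"""
import re
from collections import defaultdict
from typing import Dict, List, Set

# Record format (assumed): "<pid>|<image>|<op>|<target>[|<detail>]"
DROPPED = r"C:\Users\u\AppData\Local\Temp\a4bf7a95.exe"  # assumed dropped EXE path
EVENTS = [
    f"4120|{DROPPED}|RegSet|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|C:\\Users\\u\\AppData\\Roaming\\svc.exe",
    f"4120|{DROPPED}|RegSet|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
    "\\Real-Time Protection\\DisableRealtimeMonitoring|1",
    f"4120|{DROPPED}|RegQuery|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    f"4120|{DROPPED}|RegQuery|HKCU\\Control Panel\\International\\Geo\\Nation",
    f"4120|{DROPPED}|FileRead|C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data"
    "\\Default\\Login Data",
    # A benign process doing one of the same things: should not be flagged.
    r"880|C:\Windows\explorer.exe|RegQuery|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
]

# (signature name as it appears in the report, operation, regex over the target)
RULES = [
    ("Adds Run key to start application", "RegSet",
     r"\\CurrentVersion\\Run\\"),
    ("Modifies Windows Defender Real-time Protection settings", "RegSet",
     r"\\Windows Defender\\Real-Time Protection\\"),
    ("Checks installed software on the system", "RegQuery",
     r"\\CurrentVersion\\Uninstall\\"),
    ("Checks computer location settings", "RegQuery",
     r"\\International\\Geo\\Nation$"),
    ("Reads user/profile data of web browsers", "FileRead",
     r"\\User Data\\[^\\]+\\Login Data$"),
]
COMPILED = [(name, op, re.compile(pat, re.IGNORECASE)) for name, op, pat in RULES]


def parse(line: str):
    """Split one record into (pid, image, op, target, detail)."""
    parts = line.split("|")
    pid, image, op, target = parts[:4]
    detail = parts[4] if len(parts) > 4 else ""
    return pid, image, op, target, detail


def classify(lines: List[str]) -> Dict[str, Set[str]]:
    """Map each pid to the set of report signatures its events trigger."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        pid, _image, op, target, _detail = parse(line)
        for name, rule_op, rx in COMPILED:
            if op == rule_op and rx.search(target):
                hits[pid].add(name)
    return dict(hits)


def suspicious(lines: List[str], min_hits: int = 3) -> List[str]:
    """Pids that trigger at least min_hits distinct signatures.

    The threshold is what separates the stealer from explorer.exe, which
    legitimately touches the Uninstall key.
    """
    return sorted(pid for pid, sigs in classify(lines).items() if len(sigs) >= min_hits)


if __name__ == "__main__":
    for pid, sigs in classify(EVENTS).items():
        print(pid, sorted(sigs))
    print("suspicious:", suspicious(EVENTS))
```

Tuning the threshold is the real work: a single "Adds Run key" event from a freshly dropped executable in a Temp directory may already deserve an alert, whereas the Uninstall-key and region lookups only carry weight alongside the others.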
