General

  • Target

    8137406f77f37cbe88a0063df8dbd6c640be5265fcb0a12c415ce23381b9be3b

  • Size

    1.4MB

  • Sample

    230413-q5kx9sbg89

  • MD5

    dbe4431470fd86e75fa1834ea657ef16

  • SHA1

    96cc8a42263810038f69c2b78a90fb3ab23182fb

  • SHA256

    8137406f77f37cbe88a0063df8dbd6c640be5265fcb0a12c415ce23381b9be3b

  • SHA512

    33be2579a15286976155d751cae2d7a699fc24d747ad2cc1576438feea8369e2edc86b6a78d0745f24c818f44c9a1db0bd7f7742d4dd73a5ba9247347a3b96ac

  • SSDEEP

    24576:Lycx3lKT/xkzqiJ8Il1MxahapobRFBEORbhJa5dAPABtPBynl/LMM1MNV:+iKT/xdC8IHMchFRRbhcbvBelIM1I

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes

  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Extracted

Family

redline

Botnet

mari

C2

185.161.248.90:4125

Attributes

  • auth_value

    55a059e2793efc70d441ee368eba8733

Targets

    • Target

      8137406f77f37cbe88a0063df8dbd6c640be5265fcb0a12c415ce23381b9be3b

    • Amadey

Amadey is a simple trojan bot primarily used to collect reconnaissance information from the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
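The behaviours and extracted C2 values above translate directly into host and network indicators. The following is an added example, not part of the Triage report and not code from the RedLine or Amadey authors: a small rule set that maps each listed signature onto constructed endpoint telemetry, so the same findings can be hunted outside the sandbox. The event layout (`type`, `op`, `path`, `data`, `dst`, `port`, `host`) is an assumed generic shape, roughly what EDR registry telemetry or a sandbox API trace provides; the registry key paths are the standard locations for each behaviour, and the C2 host, port and URL path are the ones extracted in the report.

```python
"""Added example (not from the Triage report): map the report's signatures
onto constructed endpoint telemetry and attribute C2 hits to a family.

Assumptions: the event dict layout is invented for this example; registry
paths are the standard Windows locations for each behaviour; C2 values are
taken from the extracted configs in the report.
"""
import re
from typing import Dict, List, Optional, Pattern, Tuple

# C2 indicators from the report's extracted configurations.
REDLINE_C2: Tuple[str, int] = ("185.161.248.90", 4125)   # botnets "lada" and "mari"
AMADEY_C2_HOST = "193.201.9.43"                           # Amadey 3.70
AMADEY_C2_PATH = "/plays/chapter/index.php"

# Registry rules: (report signature name, registry operation, path pattern).
# Write operations cover persistence and Defender tampering; read operations
# cover the geofence lookup and installed-software enumeration.
REGISTRY_RULES: List[Tuple[str, str, Pattern[str]]] = [
    ("Adds Run key to start application", "SetValue",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Modifies Windows Defender Real-time Protection settings", "SetValue",
     re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)),
    ("Checks computer location settings", "QueryValue",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "EnumerateKey",
     re.compile(r"\\Windows\\CurrentVersion\\Uninstall$", re.I)),
]


def match_event(ev: Dict) -> Optional[Dict]:
    """Return {"rule": ..., "family": ...} for a matching event, else None."""
    if ev["type"] == "registry":
        for name, op, pattern in REGISTRY_RULES:
            if ev["op"] == op and pattern.search(ev["path"]):
                return {"rule": name, "family": None}
    elif ev["type"] == "network":
        # RedLine C2 is a raw TCP endpoint; host and port must both match.
        if (ev["dst"], ev["port"]) == REDLINE_C2:
            return {"rule": "RedLine C2 connection", "family": "redline"}
    elif ev["type"] == "http":
        # Amadey checks in over plain HTTP to a fixed script path.
        if ev["host"] == AMADEY_C2_HOST and ev["path"] == AMADEY_C2_PATH:
            return {"rule": "Amadey C2 check-in", "family": "amadey"}
    return None


def match_events(events: List[Dict]) -> List[Dict]:
    """Run every event through the rules, keeping the event index per hit."""
    hits = []
    for idx, ev in enumerate(events):
        hit = match_event(ev)
        if hit:
            hits.append({"event": idx, **hit})
    return hits


def attributed_families(hits: List[Dict]) -> List[str]:
    """Families supported by at least one C2 hit, sorted for stable output."""
    return sorted({h["family"] for h in hits if h["family"]})


# Constructed telemetry: the first six records mirror the report's findings,
# the last two are benign noise the rules must not flag.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "registry", "op": "QueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "op": "EnumerateKey",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "registry", "op": "SetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "data": r"C:\Users\user\AppData\Local\Temp\updater.exe"},
    {"type": "registry", "op": "SetValue",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
             r"\Real-Time Protection\DisableRealtimeMonitoring",
     "data": 1},
    {"type": "network", "dst": "185.161.248.90", "port": 4125},
    {"type": "http", "host": "193.201.9.43",
     "path": "/plays/chapter/index.php", "method": "POST"},
    # Benign: a read of a Run value (not a write) and a TEST-NET-3 address.
    {"type": "registry", "op": "QueryValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"type": "network", "dst": "203.0.113.5", "port": 443},
]


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for h in found:
        print(f"event {h['event']}: {h['rule']}")
    print("families:", attributed_families(found))
```

The registry rules key on the operation as well as the path: a legitimate process reading a Run value is not persistence, and only a write under the Defender Real-Time Protection key counts as tampering. The two C2 rules are the only ones that attribute a family, since the registry behaviours are shared by many loaders and stealers; in practice both IP addresses should be treated as dated indicators and rotated out of blocklists once they stop resolving to the infrastructure seen here.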

MITRE ATT&CK Enterprise v6
