
General

  • Target: b080be2e4d21d99e0ff80ca0bdc49cad9e0a54b2faf3cf7898acc08e86765a9c
  • Size: 945KB
  • Sample: 230414-btn38agg9v
  • MD5: 3b33b7b288f4a9d7abf329c5e57c3fb9
  • SHA1: 669da1b989815b18adc7aadd0f7b58549623d160
  • SHA256: b080be2e4d21d99e0ff80ca0bdc49cad9e0a54b2faf3cf7898acc08e86765a9c
  • SHA512: 8976e32fbe386b2a6bcf9611f6211fe8c7d5f053048defad0afe677c520e381bf00580599c0b987e036931d43bf762f689de03402c12996ce8ecfacab9b06963
  • SSDEEP: 12288:SMrsy90bkn5xIFmjqn8Z+n+/jTFQjltD+Jv7tvf1wD/xB7xqI72hv+F8f1RTaljK:qyR5xlqQNQjfsv7tn0/xvamO1daEQm

Malware Config

Extracted

  • Family: redline
  • Botnet: lada
  • C2: 185.161.248.90:4125
  • Attributes
    • auth_value: 0b3678897547fedafe314eda5a2015ba

Extracted

  • Family: redline
  • Botnet: disa
  • C2: 185.161.248.90:4125
  • Attributes
    • auth_value: 93f8c4ca7000e3381dd4b6b86434de05

Targets

    • Amadey
      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
