General

  • Target

    55e628fb369399b17ab20c8f7f0f31f2dee9b650654e94470223879c7af853e7

  • Size

    787KB

  • Sample

    230615-zkhf3sbc54

  • MD5

    ad1ae95a730c42de259c0c13f03c16fe

  • SHA1

    97c5c21d2d27e80df1190ce7ce22f1ca7af225f2

  • SHA256

    55e628fb369399b17ab20c8f7f0f31f2dee9b650654e94470223879c7af853e7

  • SHA512

    05fb31f70f64de4fcf69f5afe555a93b26b1c9defe6a2fa42dab7d3a8a81cea66b7fb99fc09a68fee03650632c40c405922268244c912dab91e23e4713e45b51

  • SSDEEP

    12288:DMrny908+fPvPWEPrEjY5biv61OkY7dSsTZuTt2IZe54XEToiz6y5pd3U2fR:Iy6PvRjq8C7tZbR54XETrfR

Malware Config

Extracted

Family

redline

Botnet

joker

C2

83.97.73.130:19061

Attributes

  • auth_value

    a98d303cc28bb3b32a23c59214ae3bc0

Extracted

Family

redline

Botnet

lana

C2

83.97.73.130:19061

Attributes

  • auth_value

    abf586398e9d8028235753690306b7fa

Extracted

Family

amadey

Version

3.81

C2

95.214.27.98/cronus/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
