Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e2c7935685082bf8a12edf73cd58a4ff9c84c4ffadd09cc7b5ed477122ee1f83

  • Size

    786KB

  • Sample

    230616-efhk3acf97

  • MD5

    02bd5d70ce9f3cb0587b976d402e628b

  • SHA1

    747dd3637977dd48be360edb8d77184b8a7cbf7b

  • SHA256

    e2c7935685082bf8a12edf73cd58a4ff9c84c4ffadd09cc7b5ed477122ee1f83

  • SHA512

    4d4457040890463ba7bb548a28efa7875b4a5e517e5447ac622095d9153d88294dfbc10d91c12e5a6f67077a8064e191a0aeb3d9786c5c84e5fd44c8fd6ff6f6

  • SSDEEP

    24576:7yR2gWG/vY0iy6Kc4WxekYYLP/bxsPpGPzCbi:uR2g//vP6Kcrqhy2b

Malware Config

Extracted

Family

redline

Botnet

joker

C2

83.97.73.130:19061

Attributes
  • auth_value

    a98d303cc28bb3b32a23c59214ae3bc0

Extracted

Family

redline

Botnet

mana

C2

83.97.73.130:19061

Attributes
  • auth_value

    4f5139d6c845fe72d05faf05763b6c31

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

    • Target

      e2c7935685082bf8a12edf73cd58a4ff9c84c4ffadd09cc7b5ed477122ee1f83

    • Size

      786KB

    • MD5

      02bd5d70ce9f3cb0587b976d402e628b

    • SHA1

      747dd3637977dd48be360edb8d77184b8a7cbf7b

    • SHA256

      e2c7935685082bf8a12edf73cd58a4ff9c84c4ffadd09cc7b5ed477122ee1f83

    • SHA512

      4d4457040890463ba7bb548a28efa7875b4a5e517e5447ac622095d9153d88294dfbc10d91c12e5a6f67077a8064e191a0aeb3d9786c5c84e5fd44c8fd6ff6f6

    • SSDEEP

      24576:7yR2gWG/vY0iy6Kc4WxekYYLP/bxsPpGPzCbi:uR2g//vP6Kcrqhy2b

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks