General

  • Target

    bfb9673aa05a5ffe99bf6dbe80e621e2c6d1883e132a4d6888430b5913a1d69b

  • Size

    801KB

  • Sample

    230616-kt178aea92

  • MD5

    a5526238e78f6e7e9463f06448dd210a

  • SHA1

    926e75fee8c64cbdc2c20be74eec713f2cdc2fde

  • SHA256

    bfb9673aa05a5ffe99bf6dbe80e621e2c6d1883e132a4d6888430b5913a1d69b

  • SHA512

    539b1c221a16de23eed19b6ab8f656ce502d65711178d9c157945f52fb2bc3a5ea9f6598e3cb0f685b9d95b3b48ac967288b597eda8cf476dba561efedfeb488

  • SSDEEP

    24576:4yqupAOP4UhyTMY4w6hiZaG64O0F0EZul:/NivUhIMRdhId7k

Malware Config

Extracted

  • Family

    redline

  • Botnet

    joker

  • C2

    83.97.73.130:19061

  • Attributes

    • auth_value

      a98d303cc28bb3b32a23c59214ae3bc0

Extracted

  • Family

    redline

  • Botnet

    mana

  • C2

    83.97.73.130:19061

  • Attributes

    • auth_value

      4f5139d6c845fe72d05faf05763b6c31

Extracted

  • Family

    amadey

  • Version

    3.84

  • C2

    77.91.68.63/doma/net/index.php

Targets

    • Target

      bfb9673aa05a5ffe99bf6dbe80e621e2c6d1883e132a4d6888430b5913a1d69b

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
