General

  • Target

    3d3ef1ec8a0681de9038a857381d9cb83014c3723083e3f2ca05ba2214a1607b

  • Size

    733KB

  • Sample

    230616-rn8hnsfd23

  • MD5

    3e20d33d0da00f7c9f7532cbd220cfde

  • SHA1

    26889d676f341d3d3372b7e7b2132e4eb6a226f9

  • SHA256

    3d3ef1ec8a0681de9038a857381d9cb83014c3723083e3f2ca05ba2214a1607b

  • SHA512

    4036ee64a78401033657b277bc36ca2196cf0cf06c9751bb4b86577b07a95da3db87fe0170f6937fb2560f629dab0bfcb4c1ba03c916a9d6fdcdb4c4e7da6d1f

  • SSDEEP

    12288:hMrry90ycvomkV2OyIcGITX5QUyKITJvVVjZE28Dgw/JsX5BAqc1xf23A9:Oy2rkUOylVTXsKITJvbjZEDEwRaDcDOK

Malware Config

Extracted

Family

redline

Botnet

dana

C2

83.97.73.130:19061

Attributes
  • auth_value

    da2d1691db653e49676d799e1eae2673

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Extracted

Family

redline

Botnet

grega

C2

83.97.73.130:19061

Attributes
  • auth_value

    16e2fbc2847b2270b3f0679e2dd76c8d

Targets

    • Target

      3d3ef1ec8a0681de9038a857381d9cb83014c3723083e3f2ca05ba2214a1607b

    • Amadey

      Amadey is a simple bot trojan primarily used to collect reconnaissance information from the infected host and to fetch additional payloads.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials, cookies and autofill entries.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
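
A hunt built from the indicators in the Malware Config section and the behaviours in the signature list above, as an added example (it is not part of the Triage report, nor code from either malware family). It assumes Sysmon events shipped as JSON lines with the field names Sysmon itself uses (EventID, Image, Hashes, TargetObject, DestinationIp, DestinationPort) plus an assumed proxy record with source, method and url fields; the log lines are constructed, and the paths and process names in them are made up.

```python
"""Hunt for this report's indicators and behaviours over JSON log lines.

Indicators come from the report's extracted configs and signature list.
The log lines below are constructed Sysmon events in the JSON-lines shape
Winlogbeat emits, plus one assumed proxy record; none of it is real telemetry.
"""
import json
import re

# --- indicators copied from the report ---------------------------------------
SAMPLE_SHA256 = "3d3ef1ec8a0681de9038a857381d9cb83014c3723083e3f2ca05ba2214a1607b"
REDLINE_C2 = ("83.97.73.130", 19061)   # shared by both RedLine configs (botnets dana, grega)
AMADEY_C2_HOST = "77.91.68.63"          # from 77.91.68.63/doma/net/index.php
AMADEY_C2_PATH = "/doma/net/index.php"

# --- behaviours from the signature list, as registry path patterns ------------
# "Adds Run key to start application": any value written under ...\Run\ or ...\RunOnce\
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# "Modifies Windows Defender Real-time Protection settings": policy key for RTP
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.IGNORECASE)


def _hashes(event):
    """Sysmon stores hashes as 'SHA256=...,MD5=...'; return {ALGO: lowercase value}."""
    out = {}
    for part in event.get("Hashes", "").split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def _port(value):
    """Winlogbeat usually keeps DestinationPort as a string; normalise to int."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def match_event(event):
    """Return the names of every rule that fires on one event dict."""
    hits = []
    eid = event.get("EventID")
    if eid == 1 and _hashes(event).get("SHA256") == SAMPLE_SHA256:
        hits.append("known_sample_executed")
    if eid == 3:
        ip, port = event.get("DestinationIp"), _port(event.get("DestinationPort"))
        if (ip, port) == REDLINE_C2:
            hits.append("redline_c2_connection")
        if ip == AMADEY_C2_HOST:
            hits.append("amadey_c2_connection")
    if eid == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append("run_key_persistence")
        if DEFENDER_RTP_RE.search(target):
            hits.append("defender_realtime_tamper")
    # Assumed proxy record: lets us match the full Amadey URL, not only the host.
    if event.get("source") == "proxy":
        url = event.get("url", "")
        if AMADEY_C2_HOST in url and url.endswith(AMADEY_C2_PATH):
            hits.append("amadey_c2_checkin")
    return hits


def hunt(lines):
    """Run every rule over JSON log lines; return [(line_no, rule, image), ...]."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for rule in match_event(event):
            findings.append((n, rule, event.get("Image", "")))
    return findings


# Constructed sample log (JSON lines). Paths and process names are invented.
SAMPLE_LOG = r"""{"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "Hashes": "SHA256=3d3ef1ec8a0681de9038a857381d9cb83014c3723083e3f2ca05ba2214a1607b"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater", "Details": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"}
{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "DestinationIp": "83.97.73.130", "DestinationPort": "19061"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "13.107.4.50", "DestinationPort": "443"}
{"source": "proxy", "Image": "C:\\Users\\user\\AppData\\Roaming\\updater.exe", "method": "POST", "url": "http://77.91.68.63/doma/net/index.php"}"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()

if __name__ == "__main__":
    for n, rule, image in hunt(SAMPLE_LINES):
        print(f"line {n}: {rule} ({image})")
```

The RedLine rule keys on host and port because both extracted configs share 83.97.73.130:19061; the two auth_value strings identify the campaign inside the C2 protocol and never appear in host telemetry, so they are not used. Network indicators like these go stale as soon as the operator moves infrastructure, whereas the Run-key and Defender policy-key rules describe behaviour the sample needs regardless of where it beacons, so they are the ones worth keeping in a detection set after the C2 is dead.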

MITRE ATT&CK Enterprise v6

Tasks