General

  • Target: 707c58d1dbfd454ec4fc46c71.bin
  • Size: 431KB
  • Sample: 230628-rqmzraag9v
  • MD5: 5b3d3e8e90b403a5fa2cf645248140cc
  • SHA1: 47671d9735a22ef14da6c4435dd4d623d43b59f2
  • SHA256: c72c3cac96cdcdc35cdb13f7e337aec9943a47a68599292aed08646b06e55605
  • SHA512: 322112ddf70e7ccd4f570d17beee521a3038995f9efc11c2dc887eddb9502830442ccfdffc1388063fd20a8b9716279433d7409378f0cbf5fc0c7072f3b2f5fb
  • SSDEEP: 12288:OLBioF10lcthkdOqBIoVSq+wmPEKrXwF8:OLwoF1xDqBIoVSDPEKrXp

Malware Config

Extracted

  • Family: redline
  • Botnet: drake
  • C2: 83.97.73.131:19071
  • Attributes
    • auth_value: 74ce6ffe4025a2e4027fb727915e7d7c

Extracted

  • Family: amadey
  • Version: 3.84
  • C2: 77.91.68.63/doma/net/index.php

Targets

    • Target: d2834fa972322f62bd9f84ab763de4f1a3f047e5d713255fef91ef17da392f8e.exe
    • Size: 508KB
    • MD5: 707c58d1dbfd454ec4fc46c717deeae3
    • SHA1: e403877bc39370411de7d96ef6e92a6876d9faa5
    • SHA256: d2834fa972322f62bd9f84ab763de4f1a3f047e5d713255fef91ef17da392f8e
    • SHA512: e42b7afc9d0845b8e8657eeaba93ae5095f2bd05f750ccf6385a79f650c0333f972215ffe00bad461dd29ca018a91caf512bc8543bd59f45e23847db78638217
    • SSDEEP: 12288:ntOy03z+7mXpO8kFqKoAZlpPH17BoS4jBHQ:sy0g4O8pKowTv17VoBHQ

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks