General

  • Target

    file.exe

  • Size

    788KB

  • Sample

    230702-wh1cbsdd9x

  • MD5

    4ec009aced1f12f7d9a6a267d07763b4

  • SHA1

    898696448b7540b4921ca3ff088f111cd67f7cf6

  • SHA256

    e7b514d699390c69471df9d956c2d8b560c40f8162550cc40d5cf08bdb40fe3b

  • SHA512

    5810be0f7a4261f0cb273df39596d60415355aec5c9b1a2ea716e3089c4091007fe6153501d1717efe3a03e58598795ae91b4c3cf9a5ce5637b6578f0de46d0a

  • SSDEEP

    12288:djn18iQ2PBsXwuvPNEDohqXHFwFLz9/j/pizyRbVuID8RISSrXKQIK8KM:djn18S2CDoMXqFBpY/FOSSrae4

Malware Config

Extracted

Family

redline

Botnet

matiz

C2

77.91.124.49:19073

Attributes

  • auth_value

    2d3267fe8e3910d278274f80e6a1cd2e

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

    • Target

      file.exe

    • Size

      788KB

    • MD5

      4ec009aced1f12f7d9a6a267d07763b4

    • SHA1

      898696448b7540b4921ca3ff088f111cd67f7cf6

    • SHA256

      e7b514d699390c69471df9d956c2d8b560c40f8162550cc40d5cf08bdb40fe3b

    • SHA512

      5810be0f7a4261f0cb273df39596d60415355aec5c9b1a2ea716e3089c4091007fe6153501d1717efe3a03e58598795ae91b4c3cf9a5ce5637b6578f0de46d0a

    • SSDEEP

      12288:djn18iQ2PBsXwuvPNEDohqXHFwFLz9/j/pizyRbVuID8RISSrXKQIK8KM:djn18S2CDoMXqFBpY/FOSSrae4

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks