Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a52fb507ba...e9.exe

windows7-x64

10

a52fb507ba...e9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a52fb507bac619f7ded1d68511dd94e9.exe

  • Size

    526KB

  • Sample

    230703-ecr1bsfg6s

  • MD5

    a52fb507bac619f7ded1d68511dd94e9

  • SHA1

    1d6980ad116ad527c20f9c3d327be44d9b33b376

  • SHA256

    72a2b9571eec2590fab63fdc9459381ea501ac2459b692f088fe43ea83ff62b0

  • SHA512

    5d5cc9fab83cfc58cb9a883a82259d62f023330d1370754e3ca641861405413b90288323bac55a3506bf42dad59ac43efbe5dbfa40afc40fe623be41b69dad40

  • SSDEEP

    12288:AZLtt3Q2PBsjs5N3Cwr/blrsHtSdgzbN7PjIOun:AZLttJas5N3hbblc2KbNkn

Score
10/10
amadeyredlineandrediscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

andre

C2

77.91.124.49:19073

Attributes
  • auth_value

    8e5522dc6bdb7e288797bc46c2687b12

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

    • Target

      a52fb507bac619f7ded1d68511dd94e9.exe

    • Size

      526KB

    • MD5

      a52fb507bac619f7ded1d68511dd94e9

    • SHA1

      1d6980ad116ad527c20f9c3d327be44d9b33b376

    • SHA256

      72a2b9571eec2590fab63fdc9459381ea501ac2459b692f088fe43ea83ff62b0

    • SHA512

      5d5cc9fab83cfc58cb9a883a82259d62f023330d1370754e3ca641861405413b90288323bac55a3506bf42dad59ac43efbe5dbfa40afc40fe623be41b69dad40

    • SSDEEP

      12288:AZLtt3Q2PBsjs5N3Cwr/blrsHtSdgzbN7PjIOun:AZLttJas5N3hbblc2KbNkn

    Score
    10/10
    amadeyredlineandrediscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detects Healer an antivirus disabler dropper

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks