
General

  • Target

    c7a55db1377ed620e3d4c4c0b6b90d25.exe

  • Size

    5.8MB

  • Sample

    230706-gxnvhsaf6z

  • MD5

    c7a55db1377ed620e3d4c4c0b6b90d25

  • SHA1

    4958b9718e3c657ca0412dd7c83ee6c587a93310

  • SHA256

    39943a7f5adbc87c332a71abfe242f8ef797a514e19bec5826c96c5ce71e8781

  • SHA512

    66683d6b18d4a147d659324ac279af93652d96819de4ce7308953b4e6610be78d900406802c61bb8739eefe86a383aeb997f8d0f296f96c585ff54d3685a692d

  • SSDEEP

    98304:UO70lfyix9Ki3V7hXpd00wUnApb95IRQdl1OIgL:UO70lf9x9x3/bXwHG2dl1OI8

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.68.70:19073

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes
  • auth_value

    d2386245fe11799b28b4521492a5879d
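The three extracted configs above use three different C2 notations (a raw host:port for RedLine, a full URL for SmokeLoader, a scheme-less host/path for Amadey), and the two RedLine botnets ("norm" and "furod") share one endpoint. The Python below is an added example, not part of the tria.ge report or of any of the malware families' code: it normalises those values into one IOC shape, deduplicates the shared C2, and matches the result against log lines. The log format, the source addresses and timestamps, and the decision to treat the rest of the 77.91.68.0/24 block as a weaker "netblock" signal are assumptions made for the example; the log lines themselves are constructed, not captured traffic.

```python
"""Added example: turn the extracted C2 values above into a normalised IOC
set and match them against log lines. Not code from tria.ge or from the
RedLine/SmokeLoader/Amadey families; the log lines below are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# (family, raw C2 value) exactly as listed in the extracted configs above
EXTRACTED_C2 = [
    ("redline", "77.91.68.70:19073"),            # botnet "norm"
    ("smokeloader", "http://77.91.68.29/fks/"),
    ("amadey", "77.91.68.63/doma/net/index.php"),
    ("redline", "77.91.68.70:19073"),            # botnet "furod", same C2
]

# Assumption for this example: all three C2 hosts sit in one /24, so traffic
# to the rest of that block is reported as a weaker "netblock" signal.
C2_NETBLOCK = ipaddress.ip_network("77.91.68.0/24")


@dataclass(frozen=True)
class NetworkIOC:
    family: str
    host: str
    port: int
    path: Optional[str]  # URL path for HTTP C2, None for a raw TCP endpoint


def parse_c2(family: str, raw: str) -> NetworkIOC:
    """Normalise the three C2 notations seen in the config into one shape."""
    if "://" in raw:                       # full URL (SmokeLoader)
        u = urlsplit(raw)
        return NetworkIOC(family, u.hostname, u.port or 80, u.path)
    if "/" in raw:                         # host/path without scheme (Amadey)
        u = urlsplit("http://" + raw)
        return NetworkIOC(family, u.hostname, u.port or 80, u.path)
    host, _, port = raw.partition(":")     # host:port raw TCP (RedLine)
    return NetworkIOC(family, host, int(port), None)


def build_iocs(entries=EXTRACTED_C2) -> List[NetworkIOC]:
    """Deduplicate: both RedLine botnets share one C2, so three IOCs remain."""
    return sorted({parse_c2(f, r) for f, r in entries}, key=lambda i: (i.host, i.port))


# Constructed log lines (not real traffic): "<ts> <src> <dst>:<port> [<proto|method> [<path>]]"
SAMPLE_LOGS = """\
2023-07-06T06:41:12Z 10.0.0.15 77.91.68.70:19073 TCP
2023-07-06T06:41:13Z 10.0.0.15 77.91.68.29:80 POST /fks/
2023-07-06T06:41:20Z 10.0.0.15 77.91.68.63:80 POST /doma/net/index.php
2023-07-06T06:42:01Z 10.0.0.15 93.184.216.34:443 GET /
2023-07-06T06:42:05Z 10.0.0.22 77.91.68.70:443 TCP
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[\d.]+):(?P<port>\d+)"
    r"(?: (?P<proto>\S+))?(?: (?P<path>\S+))?$"
)


def match_logs(lines: str, iocs=None, netblock=C2_NETBLOCK) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, src, family, confidence) for each suspicious line.

    "exact": dst host:port equals a C2 endpoint and, for HTTP C2, the request
    path equals the configured path.  "netblock": only the /24 matched.
    """
    iocs = build_iocs() if iocs is None else iocs
    by_endpoint = {(i.host, i.port): i for i in iocs}
    hits = []
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        dst, port = m["dst"], int(m["port"])
        ioc = by_endpoint.get((dst, port))
        if ioc is not None and (ioc.path is None or m["path"] == ioc.path):
            hits.append((m["ts"], m["src"], ioc.family, "exact"))
        elif ipaddress.ip_address(dst) in netblock:
            hits.append((m["ts"], m["src"], "unknown", "netblock"))
    return hits


if __name__ == "__main__":
    for ioc in build_iocs():
        print(ioc)
    for hit in match_logs(SAMPLE_LOGS):
        print(*hit)
```

The HTTP IOCs require the request path to match as well as the host and port, so an unrelated connection to port 80 on one of these hosts is only reported through the weaker netblock rule; the last sample line (77.91.68.70 on a port the config does not list) shows that case.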

Targets

    • Target

      c7a55db1377ed620e3d4c4c0b6b90d25.exe

    • Size

      5.8MB

    • MD5

      c7a55db1377ed620e3d4c4c0b6b90d25

    • SHA1

      4958b9718e3c657ca0412dd7c83ee6c587a93310

    • SHA256

      39943a7f5adbc87c332a71abfe242f8ef797a514e19bec5826c96c5ce71e8781

    • SHA512

      66683d6b18d4a147d659324ac279af93652d96819de4ce7308953b4e6610be78d900406802c61bb8739eefe86a383aeb997f8d0f296f96c585ff54d3685a692d

    • SSDEEP

      98304:UO70lfyix9Ki3V7hXpd00wUnApb95IRQdl1OIgL:UO70lf9x9x3/bXwHG2dl1OI8

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
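Two of the signatures above are registry writes a host-side sensor can see directly: the Run key added to start the dropped payload, and the change to Windows Defender real-time protection settings. The Python below is an added example, not part of the tria.ge report: it classifies Sysmon Event ID 13 (RegistryEvent, value set) records by their Image, TargetObject and Details fields. The registry reads the report also lists (country code, Uninstall key enumeration) are not covered, because Sysmon does not log value reads. The event contents, value names and the paths treated as user-writable are constructed for the example; the ATT&CK technique IDs in the comments are the standard ones for these behaviours, not taken from the report's own mapping.

```python
"""Added example: classify constructed Sysmon Event ID 13 (RegistryEvent,
value set) records for the Run-key persistence and Windows Defender
real-time protection changes listed above. Not code from tria.ge; the
events are constructed, not taken from the sandbox run."""
import re
from typing import List, Tuple

# Run / RunOnce value under HKCU (HKU\<SID>) or HKLM (ATT&CK T1547.001)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Defender real-time protection switches, direct or via policy (ATT&CK T1562.001)
DEFENDER_RTP_RE = re.compile(
    r"\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.I)
# Sysmon renders DWORD data in Details as "DWORD (0x00000001)"
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.I)
# Assumption: a Run entry pointing into these locations gets higher severity
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\", re.I)

# Constructed events: (Image, TargetObject, Details), as Sysmon names the fields
SAMPLE_EVENTS = [
    (r"C:\Users\user\AppData\Local\Temp\c7a55db1377ed620e3d4c4c0b6b90d25.exe",
     r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     r"C:\Users\user\AppData\Roaming\update.exe"),
    (r"C:\Users\user\AppData\Local\Temp\c7a55db1377ed620e3d4c4c0b6b90d25.exe",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "DWORD (0x00000001)"),
    # Same value written back to 0 by a policy refresh: re-enables, not a finding
    (r"C:\Windows\System32\gpupdate.exe",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "DWORD (0x00000000)"),
    # Run entry pointing at a non-user-writable path: reported at lower severity
    (r"C:\Windows\System32\msiexec.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     r"C:\Program Files\Vendor\tray.exe"),
]


def classify(image: str, target: str, details: str) -> List[Tuple[str, str]]:
    """Return (rule, severity) pairs for one value-set event."""
    findings = []
    if RUN_KEY_RE.search(target):
        sev = "high" if USER_WRITABLE_RE.search(details) else "medium"
        findings.append(("persistence.run_key", sev))
    m = DEFENDER_RTP_RE.search(target)
    if m:
        d = DWORD_RE.search(details)
        # Only a non-zero value disables the feature; writing 0 re-enables it
        if d and int(d.group(1), 16) != 0:
            findings.append(("defense_evasion.defender_" + m.group(2).lower(), "high"))
    return findings


def scan(events=SAMPLE_EVENTS) -> List[Tuple[str, str, str]]:
    """(image basename, rule, severity) for every finding across the events."""
    out = []
    for image, target, details in events:
        for rule, sev in classify(image, target, details):
            out.append((image.rsplit("\\", 1)[-1], rule, sev))
    return out


if __name__ == "__main__":
    for finding in scan():
        print(*finding)
```

The severity split matters in practice: installers legitimately add Run entries under Program Files, whereas a Run value whose target lives under AppData or Temp, written by a process that itself runs from Temp, is the pattern this report describes.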

MITRE ATT&CK Enterprise v6