Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2e86d3fc5d4194ea99d9d18407169d0a4f1ef70e1f6763796aa498f55c568853

  • Size

    390KB

  • Sample

    230717-acpsrahd82

  • MD5

    a0fe69670671b4867f4a47b9532cdc78

  • SHA1

    efe66d739057b14127368dad47b88f3b8caefe91

  • SHA256

    2e86d3fc5d4194ea99d9d18407169d0a4f1ef70e1f6763796aa498f55c568853

  • SHA512

    cc4509bc3ffc1a7484e06c8931c7eebeb7bfcc08a82800f0989d01a657e3ad3518369c5cdf2dffafbc3b3793e13d94bccad9e8291d08b5975dbcef1c6768a8c4

  • SSDEEP

    6144:K6y+bnr+9p0yN90QEnSGcHSVvb46L6hGlxygsnnNLvYpGtxSzKswLpf42aYlzckU:aMrVy90InyVDMnNbue35BmG3L0

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Extracted

Family

redline

Botnet

zahar

C2

77.91.68.56:19071

Attributes
  • auth_value

    94c55a31fcf1761f07eeb4a0c6fb74fa

Targets

    • Target

      2e86d3fc5d4194ea99d9d18407169d0a4f1ef70e1f6763796aa498f55c568853

    • Size

      390KB

    • MD5

      a0fe69670671b4867f4a47b9532cdc78

    • SHA1

      efe66d739057b14127368dad47b88f3b8caefe91

    • SHA256

      2e86d3fc5d4194ea99d9d18407169d0a4f1ef70e1f6763796aa498f55c568853

    • SHA512

      cc4509bc3ffc1a7484e06c8931c7eebeb7bfcc08a82800f0989d01a657e3ad3518369c5cdf2dffafbc3b3793e13d94bccad9e8291d08b5975dbcef1c6768a8c4

    • SSDEEP

      6144:K6y+bnr+9p0yN90QEnSGcHSVvb46L6hGlxygsnnNLvYpGtxSzKswLpf42aYlzckU:aMrVy90InyVDMnNbue35BmG3L0

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks