General

  • Target: 0b1f8b8a80108e2426e367ff13c6f2024492e51fc26f0fb66fcd1c1ead02f285
  • Size: 390KB
  • Sample: 230718-2ldwdsec94
  • MD5: 57056d25d965488be02ed6a4efc3ac30
  • SHA1: f335f22a26a34391a596f12340fbe51cebc23f1e
  • SHA256: 0b1f8b8a80108e2426e367ff13c6f2024492e51fc26f0fb66fcd1c1ead02f285
  • SHA512: 12475f6218a0e0ad5a90e6663c86756e5aa98935ce8de022ca1f5688fe2580302975f5d3b08e32bbf1cd20d748fee88e9998b35eb0f6e5d4bad11a6673dd175f
  • SSDEEP: 12288:6Mr8y90BBcmlfbq4z1QjUgZ68xdrkwcHnl9oRNJ:yy+BcmoESj50tH05

Malware Config

Extracted

  • Family: amadey
  • Version: 3.85
  • C2: 77.91.68.3/home/love/index.php

Extracted

  • Family: redline
  • Botnet: roma
  • C2: 77.91.68.56:19071
  • Attributes
    • auth_value: f099c2cf92834dbc554a94e1456cf576

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application