General

  • Target: 17ab6ab8c7d6eed36a4f55bd575900bce64ad789ab6d9e9979024f989af09fb5
  • Size: 390KB
  • Sample: 230718-2ww5qafb51
  • MD5: 9ecfaaac1e320d1d17227eb0e548f8ea
  • SHA1: c74daf5ae0a1729c09874efbc35d9d19abf35323
  • SHA256: 17ab6ab8c7d6eed36a4f55bd575900bce64ad789ab6d9e9979024f989af09fb5
  • SHA512: bb349f6351b7f4fbdd4a8e6306e7751433ccb764ac751e8add1d8535d89eea434a33d4469b3004073ae9fde20c2787270ff461fc9c9d2e8fe29a3dd4b505dfc8
  • SSDEEP: 6144:Kiy+bnr+sp0yN90QESxln50gGTl22NgvtkP+qoWCcHnlRHKH3DfZd/R4xHH0X:mMrcy90UaBTnN8++qoXcHnl9QF349m

Malware Config

Extracted

  • Family: amadey
  • Version: 3.85
  • C2: 77.91.68.3/home/love/index.php

Extracted

  • Family: redline
  • Botnet: roma
  • C2: 77.91.68.56:19071
  • Attributes
      • auth_value: f099c2cf92834dbc554a94e1456cf576

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks