
General

  • Target

    b2acceb6014fa93a71deb38608df3d8b96ff821b7bb21f1b7a83b2f9f4ff1810

  • Size

    514KB

  • Sample

    230718-xmfddsdb82

  • MD5

    ea5d332d3d98ddfeb266bc9eb3fb2c69

  • SHA1

    0746a112f7f3a2b90d4ad74d4ac46480df3cd532

  • SHA256

    b2acceb6014fa93a71deb38608df3d8b96ff821b7bb21f1b7a83b2f9f4ff1810

  • SHA512

    e53c76dbb45f10a1038c3ecfeb9f79cf68dafa71b46498d610d89232218e01da92094b21ad7e727ab415d2ebf83ee5ee4ce7d328b18bf3b4569c7827871533db

  • SSDEEP

    12288:sMrty90UV8JaExwKsbOJNYQ52EyuoA07OX:xyTdb8NYfEg3a

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
1
0x4b3b02b6
rc4.i32
1
0x6ea683ed

Extracted

Family

redline

Botnet

roma

C2

77.91.68.56:19071

Attributes
  • auth_value

    f099c2cf92834dbc554a94e1456cf576
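The three extracted configurations above give one network indicator per payload (an Amadey HTTP gate, a SmokeLoader HTTP C2 and a RedLine TCP endpoint) plus the dropper's hashes. The following is an added example, not part of the Triage report or of tria.ge itself: it normalises those indicators (Triage prints them with and without scheme, path or port) and runs them over a few constructed key=value proxy and EDR log lines. The log format and the log lines are made up for the example; the indicator and hash values are copied from the report.

```python
"""Match this report's C2 indicators and sample hashes against log lines.

Example code added to the page; not part of the Triage report or tooling.
Log lines below are constructed for the example.
"""
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the Malware Config section of the report.
C2_INDICATORS = {
    "amadey": "77.91.68.3/home/love/index.php",
    "smokeloader": "http://77.91.68.29/fks/",
    "redline": "77.91.68.56:19071",
}
FILE_HASHES = {
    "md5": "ea5d332d3d98ddfeb266bc9eb3fb2c69",
    "sha1": "0746a112f7f3a2b90d4ad74d4ac46480df3cd532",
    "sha256": "b2acceb6014fa93a71deb38608df3d8b96ff821b7bb21f1b7a83b2f9f4ff1810",
}
HASH_LOOKUP = {value: algo for algo, value in FILE_HASHES.items()}


def normalize_c2(indicator):
    """Split a C2 string into (host, port, path).

    Triage prints C2s inconsistently (scheme+path, bare host/path, host:port),
    so a placeholder scheme is prepended when none is present before parsing.
    """
    if "://" not in indicator:
        indicator = "tcp://" + indicator
    parts = urlsplit(indicator)
    return parts.hostname, parts.port, parts.path or "/"


# host -> (family, expected port or None, C2 path)
C2_HOSTS = {}
for _family, _indicator in C2_INDICATORS.items():
    _host, _port, _path = normalize_c2(_indicator)
    C2_HOSTS[_host] = (_family, _port, _path)


def parse_kv(line):
    """Parse a key=value style log line (constructed format) into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def scan_line(line):
    """Return a list of hit descriptions for one log line; empty means clean."""
    hits = []
    kv = parse_kv(line)

    dst = kv.get("dst")
    if dst in C2_HOSTS:
        family, port, path = C2_HOSTS[dst]
        detail = f"{family} C2 host {dst}"
        if port is not None and kv.get("dport") == str(port):
            detail += f" on expected port {port}"
        url = kv.get("url")
        if path != "/" and url and urlsplit(url).path.startswith(path):
            detail += f" with C2 path {path}"
        hits.append(detail)

    # Hashes are compared case-insensitively; EDRs often emit uppercase hex.
    for algo in ("md5", "sha1", "sha256"):
        value = kv.get(algo, "").lower()
        if value in HASH_LOOKUP:
            hits.append(f"sample {algo} {value}")
    return hits


def scan_logs(lines):
    """Return [(line_index, hit_description), ...] for an iterable of lines."""
    return [(i, hit) for i, line in enumerate(lines) for hit in scan_line(line)]


# Constructed log lines for the example (not from the report).
SAMPLE_LOGS = [
    "2023-07-18T12:00:01Z src=10.0.0.5 dst=77.91.68.29 dport=80 method=POST url=http://77.91.68.29/fks/",
    "2023-07-18T12:00:03Z src=10.0.0.5 dst=77.91.68.56 dport=19071 proto=tcp",
    "2023-07-18T12:00:05Z host=WS01 event=process_create image=C:\\Users\\u\\AppData\\Local\\Temp\\a.exe "
    "sha256=B2ACCEB6014FA93A71DEB38608DF3D8B96FF821B7BB21F1B7A83B2F9F4FF1810",
    "2023-07-18T12:00:07Z src=10.0.0.5 dst=77.91.68.3 dport=80 method=POST url=http://77.91.68.3/home/love/index.php",
    "2023-07-18T12:00:09Z src=10.0.0.6 dst=142.250.74.46 dport=443 url=https://www.google.com/",
]

if __name__ == "__main__":
    for index, hit in scan_logs(SAMPLE_LOGS):
        print(f"line {index}: {hit}")
```

Matching on the destination host alone is deliberate: a /24 shared by all three payloads (77.91.68.0/24 here) is worth a hunt regardless of port or path, and the port and path details are attached only to raise confidence, not to gate the hit.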

Targets

    • Target

      b2acceb6014fa93a71deb38608df3d8b96ff821b7bb21f1b7a83b2f9f4ff1810

    • Size

      514KB

    • MD5

      ea5d332d3d98ddfeb266bc9eb3fb2c69

    • SHA1

      0746a112f7f3a2b90d4ad74d4ac46480df3cd532

    • SHA256

      b2acceb6014fa93a71deb38608df3d8b96ff821b7bb21f1b7a83b2f9f4ff1810

    • SHA512

      e53c76dbb45f10a1038c3ecfeb9f79cf68dafa71b46498d610d89232218e01da92094b21ad7e727ab415d2ebf83ee5ee4ce7d328b18bf3b4569c7827871533db

    • SSDEEP

      12288:sMrty90UV8JaExwKsbOJNYQ52EyuoA07OX:xyTdb8NYfEg3a

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
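Two of the signatures above leave durable registry artefacts on the victim: "Modifies Windows Defender Real-time Protection settings" (Healer's job) and "Adds Run key to start application". The following is an added example, not from the Triage report: it parses a registry export in .reg text form and flags Defender Real-time Protection policy values set to 1 and Run/RunOnce autostarts whose executable lives in a user-writable location. The Defender value names are Microsoft's real policy value names; the .reg snippet is constructed for the example and the list of "user-writable" path markers is a heuristic chosen here, not something the report states.

```python
"""Triage a .reg export for Defender RTP tampering and Run-key persistence.

Example code added to the page; not part of the Triage report.
The .reg text below is constructed for the example.
"""
import re

# Policy values under ...\Windows Defender\Real-Time Protection that disable a
# protection component when set to DWORD 1.
DEFENDER_RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)
# Heuristic (an assumption of this example): autostarts launched from these
# unprivileged-writable locations are suspicious.
USER_WRITABLE_MARKERS = (
    r"\appdata\local\temp\,"[:-1],
    r"\appdata\roaming\,"[:-1],
    r"\users\public\,"[:-1],
    r"\programdata\,"[:-1],
)

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _decode_value(raw):
    """Decode the two common .reg encodings: dword:hex and quoted strings."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return raw  # hex(...) and other encodings are left as-is


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}."""
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            tree.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            tree[current][m.group(1)] = _decode_value(m.group(2))
    return tree


def _first_exe(command):
    """Pull the executable path out of a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_registry(text):
    """Return [(severity, key, value_name, detail), ...] findings."""
    findings = []
    for key, values in parse_reg(text).items():
        lowered = key.lower()
        if lowered.endswith(r"\windows defender\real-time protection"):
            for name, value in values.items():
                if name in DEFENDER_RTP_DISABLE_VALUES and value == 1:
                    findings.append(("high", key, name,
                                     "Defender real-time protection component disabled by policy"))
        elif lowered.endswith(RUN_KEY_SUFFIXES):
            for name, command in values.items():
                exe = _first_exe(str(command)).lower()
                if any(marker in exe for marker in USER_WRITABLE_MARKERS):
                    findings.append(("medium", key, name,
                                     f"autostart from user-writable path: {exe}"))
    return findings


# Constructed .reg export for the example (not taken from the report).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe"
'''

if __name__ == "__main__":
    for severity, key, name, detail in triage_registry(SAMPLE_REG):
        print(f"[{severity}] {key} :: {name} :: {detail}")
```

The OneDrive entry is there on purpose: it sits under AppData too, but not in a marker location, so a path-based heuristic like this one has to be specific about which directories it treats as suspicious rather than flagging everything under the user profile.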
