General

  • Target

    83033d4f85de4e7df83c4cba30ef9c1a960e8aeb15660f7ea55c7a2d623da803

  • Size

    390KB

  • Sample

    230719-ds4hmagb5y

  • MD5

    0bf5419bf8ee03aa4662c39a58fc024c

  • SHA1

    570d157e4d29bd3ab2f1cc64245388ccd9c6517f

  • SHA256

    83033d4f85de4e7df83c4cba30ef9c1a960e8aeb15660f7ea55c7a2d623da803

  • SHA512

    6eaeee98285b86058391263e6f15c8f7e9f392b6ab850e39fdcc8dea64fae3e5163a5895184fefdf54b1aca34927cb0920d6acdcbe4b51a74f4e6a0113a8cff3

  • SSDEEP

    6144:Kfy+bnr+4p0yN90QEztbWn2qkWcnZNbQR5nQ4K5cCdb5YVlol+Qb4w/a1Lk:JMrEy90Rwn2zmEl+f1Lk

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Extracted

Family

redline

Botnet

roma

C2

77.91.68.56:19071

Attributes
  • auth_value

    f099c2cf92834dbc554a94e1456cf576

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks