General

  • Target: 76ce55b4d5a119f06c367a346ae1862c303beb76b2c774f07526af067c28579e
  • Size: 390KB
  • Sample: 230719-ref23agf62
  • MD5: 58d3d7b38cdf565f40600c4f84de48d7
  • SHA1: bfaf48e19cdc476f76cba56d8c3e656eece773cd
  • SHA256: 76ce55b4d5a119f06c367a346ae1862c303beb76b2c774f07526af067c28579e
  • SHA512: e32a08abd9abfbcc0180d2338d79d9b4f945658481475f600fd517b3626ac3e31eb3ebbc8f88e114ac41a09a3af5bbbd2a56ec77912a7ab73fda6da18eea141f
  • SSDEEP: 6144:KLy+bnr+Wp0yN90QEX8JiDsTwevTqZSJ4cfq4++uf8KnnRUIBr:BMrKy90F4iDuTq0J4c4r8KZr

Malware Config

Extracted

  • Family: amadey
  • Version: 3.85
  • C2: 77.91.68.3/home/love/index.php

Extracted

  • Family: redline
  • Botnet: nasa
  • C2: 77.91.68.68:19071
  • Attributes
      • auth_value: 6da71218d8a9738ea3a9a78b5677589b

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application