General

  • Target

    9cc861a57c68c51405b4412076eb8b42fb883a1d2571991669481e332705e1da

  • Size

    390KB

  • Sample

    230720-bmlphsca64

  • MD5

    e9232eb83b97b39fc80f983a108d5bed

  • SHA1

    bdefc42219cd4482a72bf89d4347d3c78f268727

  • SHA256

    9cc861a57c68c51405b4412076eb8b42fb883a1d2571991669481e332705e1da

  • SHA512

    cd2eb5f5a2017257e1bb1c20d65e1efdf4b2b77ff17b10928fa8ee1e376c96d07aad3aeb0143bedad158cb5e4af58a9f88d11849779389e934f636f9dd2a5e1e

  • SSDEEP

    12288:SMrVy90botet015tPMcRqaHJcHnl9z65zXRD:DyTtet0zPqO+Hv6vD

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes

  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Target

      9cc861a57c68c51405b4412076eb8b42fb883a1d2571991669481e332705e1da

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks