General

  • Target

    b0c440f95f7efa1f5f64e83cc7e2032190e0488cfc82ee448f88f4687e53a08a

  • Size

    390KB

  • Sample

    230720-f4ve7sdd8z

  • MD5

    bcbf3cdfecb03571cf32bc1abb7fd9fa

  • SHA1

    46d7f5b6b9074ea2ae1a3d9983262fd11813b634

  • SHA256

    b0c440f95f7efa1f5f64e83cc7e2032190e0488cfc82ee448f88f4687e53a08a

  • SHA512

    7a19cb20e8181c61041a9b7dcdf7170fc61016d020e30420e6476b435da4c49ebd1f3639fb8cb60cf6235a3130156bf598634c374658528cb0bbcc770010b12e

  • SSDEEP

    12288:3MrEy90KT7rREam9yOHkcHnl9HN7bXQP:byFLREamkarH71w

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes

  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Target

      b0c440f95f7efa1f5f64e83cc7e2032190e0488cfc82ee448f88f4687e53a08a

    • Size

      390KB

    • MD5

      bcbf3cdfecb03571cf32bc1abb7fd9fa

    • SHA1

      46d7f5b6b9074ea2ae1a3d9983262fd11813b634

    • SHA256

      b0c440f95f7efa1f5f64e83cc7e2032190e0488cfc82ee448f88f4687e53a08a

    • SHA512

      7a19cb20e8181c61041a9b7dcdf7170fc61016d020e30420e6476b435da4c49ebd1f3639fb8cb60cf6235a3130156bf598634c374658528cb0bbcc770010b12e

    • SSDEEP

      12288:3MrEy90KT7rREam9yOHkcHnl9HN7bXQP:byFLREamkarH71w

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6