Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9eee7e499856768682f1beb463577ac3d88ca42d142b2e21f53ddf85969c554f

  • Size

    390KB

  • Sample

    230720-p7enlahb7t

  • MD5

    83dcfc8716de4a6c61ba1ddfe57a0a7f

  • SHA1

    6e5c04c5b704a4c2cedeb2e95f47feb3a5e6e1a3

  • SHA256

    9eee7e499856768682f1beb463577ac3d88ca42d142b2e21f53ddf85969c554f

  • SHA512

    88472924e420d46b5456adf9108fb481376c4d467823073434bd2f35d2872afda1ed3d258dd1447e198329173166e1dcbe0949ab3a590b37b661325ce9482e7a

  • SSDEEP

    6144:KCy+bnr+8p0yN90QECeQ0NSonpYjDSynG1xh2/jdmtq3CcHnlRH6cuy9vnkXo:eMrYy904HxVKT2aqycHnl9t79sY

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes
  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Target

      9eee7e499856768682f1beb463577ac3d88ca42d142b2e21f53ddf85969c554f

    • Size

      390KB

    • MD5

      83dcfc8716de4a6c61ba1ddfe57a0a7f

    • SHA1

      6e5c04c5b704a4c2cedeb2e95f47feb3a5e6e1a3

    • SHA256

      9eee7e499856768682f1beb463577ac3d88ca42d142b2e21f53ddf85969c554f

    • SHA512

      88472924e420d46b5456adf9108fb481376c4d467823073434bd2f35d2872afda1ed3d258dd1447e198329173166e1dcbe0949ab3a590b37b661325ce9482e7a

    • SSDEEP

      6144:KCy+bnr+8p0yN90QECeQ0NSonpYjDSynG1xh2/jdmtq3CcHnlRH6cuy9vnkXo:eMrYy904HxVKT2aqycHnl9t79sY

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks