General

  • Target: 80f00ecb0ac14402b87456fd2b1be3fee8bfea3d23bd9cc3c5486f913cd5c326
  • Size: 390KB
  • Sample: 230722-m91yhabb8z
  • MD5: c38aadc7ca70a7538e085c72737ae237
  • SHA1: fe1411cad2774d87b74d1a3c2976f8fa390383ad
  • SHA256: 80f00ecb0ac14402b87456fd2b1be3fee8bfea3d23bd9cc3c5486f913cd5c326
  • SHA512: f837dcb43d6d56174d22048471adbda9873a01faf7a47e6f2a62cfe056b0078cf84c1bd454b3ee243ab509a6cbb445e6957e44a677a0752ac23fe3f55a6db5ae
  • SSDEEP: 6144:Kxy+bnr+Up0yN90QEtmjgV2ZSXa8Pb46LahUN6cFsD8RRuQTWlN9+gk++:TMrYy90TRVnq8syHfRRq6XJ

Malware Config

Extracted
  • Family: amadey
  • Version: 3.85
  • C2: 77.91.68.3/home/love/index.php

Extracted
  • Family: redline
  • Botnet: grom
  • C2: 77.91.68.68:19071
  • Attributes
    • auth_value: 9ec3129bff410b89097d656d7abc33dc

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
