General

  • Target

    d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08

  • Size

    517KB

  • Sample

    230801-etdh9sed6v

  • MD5

    ed63ae4f8ac418d16039f5d1defe4572

  • SHA1

    37070a2a531208c002b61fe03427944070dc87d9

  • SHA256

    d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08

  • SHA512

    c343f85a911382d4111a1d1cbd3699384f4151fab6ff52f660cc724e8348748b111258da36943883de77a581adc539c86b7be13f697c9b73d1478c842166d60f

  • SSDEEP

    12288:oMrty90u9tQ0zvmwL9DCo/CU1aSIH3LZQ+oI/6WMY+gBYCs39wJTv:1yTtQ2tDbqU1g3LDv9xzo6Tv

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

lodka

C2

77.91.124.156:19071

Attributes
  • auth_value

    76f99d6cc9332c02bb9728c3ba80d3a9
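
The two C2 values above are the indicators a responder would hunt for first. The following is an added example, not code from tria.ge or from the malware: it lifts the Amadey gate URL and the RedLine host:port from the extracted config and scans constructed log lines (a Squid-style proxy record and Sysmon EventID 3 network-connection records, all made up for illustration) for them, anchoring the IP matches so near-miss addresses such as 77.91.68.6 or 177.91.68.61 do not produce false hits.

```python
"""Match the report's extracted C2 indicators against sample log lines.

Added example, not part of the tria.ge report or of the malware: the two C2
values are copied from the report's Malware Config; the log lines below are
constructed for illustration and do not come from the sandbox run.
"""
import re

# Indicators copied verbatim from the report's "Malware Config" section.
AMADEY_C2 = "77.91.68.61/rock/index.php"   # host + gate path
REDLINE_C2 = "77.91.124.156:19071"         # host:port


def split_amadey(c2: str) -> tuple[str, str]:
    host, _, path = c2.partition("/")
    return host, "/" + path


def split_redline(c2: str) -> tuple[str, int]:
    host, _, port = c2.rpartition(":")
    return host, int(port)


def _ip_re(ip: str) -> re.Pattern:
    # Anchor on both sides so 77.91.68.6 cannot match inside 77.91.68.61
    # and 177.91.68.61 cannot match 77.91.68.61.
    return re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")


def classify_line(line: str) -> list[str]:
    """Return a label for every indicator the line touches."""
    hits: list[str] = []

    host, path = split_amadey(AMADEY_C2)
    if _ip_re(host).search(line):
        # A hit on the full gate URL is stronger evidence than the bare IP.
        hits.append("amadey:c2-gate" if path in line else "amadey:c2-host")

    host, port = split_redline(REDLINE_C2)
    if _ip_re(host).search(line):
        port_seen = re.search(r"(?<!\d)%d(?!\d)" % port, line) is not None
        hits.append("redline:c2-socket" if port_seen else "redline:c2-host")
    return hits


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Index every line that matched at least one indicator."""
    return [(i, h) for i, line in enumerate(lines) if (h := classify_line(line))]


# Constructed sample lines: a Squid-style proxy record, two Sysmon EventID 3
# (network connection) records, and two near-miss lines that must not match.
SAMPLE_LOGS = [
    "1690880001.123 412 10.0.0.25 TCP_MISS/200 512 POST http://77.91.68.61/rock/index.php - HIER_DIRECT/77.91.68.61 text/html",
    r"EventID=3 Image=C:\Users\user\AppData\Local\Temp\sample.exe DestinationIp=77.91.124.156 DestinationPort=19071 Protocol=tcp",
    r"EventID=3 Image=C:\Users\user\AppData\Local\Temp\sample.exe DestinationIp=77.91.124.156 DestinationPort=443 Protocol=tcp",
    "1690880002.456 98 10.0.0.25 TCP_MISS/200 1024 GET http://77.91.68.6/index.html - HIER_DIRECT/77.91.68.6 text/html",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=177.91.68.61 DestinationPort=80 Protocol=tcp",
]

if __name__ == "__main__":
    for idx, labels in scan(SAMPLE_LOGS):
        print(idx, labels)
```

The host-only labels are deliberately kept separate from the gate/socket labels: a RedLine host seen on a different port or the Amadey IP without its gate path still deserves a look, but at lower confidence, and a hunt query built from this report should rank them that way.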

Targets

    • Target

      d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08

    • Size

      517KB

    • MD5

      ed63ae4f8ac418d16039f5d1defe4572

    • SHA1

      37070a2a531208c002b61fe03427944070dc87d9

    • SHA256

      d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08

    • SHA512

      c343f85a911382d4111a1d1cbd3699384f4151fab6ff52f660cc724e8348748b111258da36943883de77a581adc539c86b7be13f697c9b73d1478c842166d60f

    • SSDEEP

      12288:oMrty90u9tQ0zvmwL9DCo/CU1aSIH3LZQ+oI/6WMY+gBYCs39wJTv:1yTtQ2tDbqU1g3LDv9xzo6Tv

    • Amadey

      Amadey is a simple bot trojan primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
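
Two of the signatures above, "Adds Run key to start application" and "Modifies Windows Defender Real-time Protection settings", describe registry writes that can be detected on a live host from Sysmon telemetry. The following is an added example, not code from tria.ge or from the sample: it applies those two checks to constructed Sysmon EventID 13 (RegistryEvent, SetValue) records. The registry paths are the well-known autostart and Defender real-time protection locations the signature names refer to; the SID, image paths and value name in the sample events are made up for illustration.

```python
"""Flag the registry behaviour behind two of the report's signatures.

Added example, not code from tria.ge or from the sample. The Run/RunOnce and
Windows Defender "Real-Time Protection" paths are the well-known locations
those signatures refer to; the events below are constructed (fake SID,
fake image paths) and do not come from the sandbox run.
"""
import re

# Per-user and machine-wide autostart values.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Defender real-time protection switches under either the policy hive or the
# product hive; a non-zero DWORD turns the corresponding protection off.
DEFENDER_RTP_RE = re.compile(
    r"\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableIOAVProtection"
    r"|DisableOnAccessProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD values as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")


def detect(event: dict) -> list[str]:
    """Return the signature names that fire on one Sysmon event."""
    if event.get("EventID") != 13 or event.get("EventType") != "SetValue":
        return []
    target = event["TargetObject"]
    hits: list[str] = []
    if RUN_KEY_RE.search(target):
        hits.append("Adds Run key to start application")
    if DEFENDER_RTP_RE.search(target):
        m = DWORD_RE.search(event.get("Details", ""))
        # Writing 0 re-enables protection, so only a non-zero value counts.
        if m and int(m.group(1), 16) != 0:
            hits.append("Modifies Windows Defender Real-time Protection settings")
    return hits


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Index every event on which at least one signature fired."""
    return [(i, h) for i, e in enumerate(events) if (h := detect(e))]


SAMPLE_EVENTS = [
    {   # constructed: dropped executable registers itself under the user's Run key
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
        "TargetObject": r"HKU\S-1-5-21-1000-1000-1000-1001\Software\Microsoft\Windows\CurrentVersion\Run\sample",
        "Details": r"C:\Users\user\AppData\Local\Temp\sample.exe",
    },
    {   # constructed: real-time monitoring switched off via the policy key
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
        "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        "Details": "DWORD (0x00000001)",
    },
    {   # constructed: same value written back to 0 (re-enable), must not fire
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
        "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        "Details": "DWORD (0x00000000)",
    },
    {   # constructed: unrelated Explorer setting, must not fire
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1000-1000-1000-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
]

if __name__ == "__main__":
    for idx, names in scan(SAMPLE_EVENTS):
        print(idx, names)
```

The value check matters in practice: Defender itself and Group Policy write these same value names when restoring protection, so a rule that keys on the path alone fires on the remediation as well as on the attack.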

MITRE ATT&CK Enterprise v15

Tasks