Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a6dc001178b86faabb5eed1d9086b780d903e6e7752dd6017cd9bd650a97870d

  • Size

    560KB

  • Sample

    230804-15xl6sfh6v

  • MD5

    dcc6ddc958b4487a5681c9849fa13159

  • SHA1

    d4e71015f3101e84b5064779919438c36fdea40b

  • SHA256

    a6dc001178b86faabb5eed1d9086b780d903e6e7752dd6017cd9bd650a97870d

  • SHA512

    85c50aea35519842a10b133ae4d5ffc195375963543dc970b3489ff427db93af7dd33ec34c7d1256ce9a9a8400c2fb01f309bdb6e42589924871bd7d6ace4409

  • SSDEEP

    12288:UMrGy90PaoR1L4NYJYQ3Og/gbaUoyaBgiBus9FqSNZ:Ky8p4Q8eUoyyg7UES

Malware Config

Extracted

Family

amadey

Version

3.87

C2

193.233.255.9/nasa/index.php

Extracted

Family

redline

Botnet

micky

C2

77.91.124.172:19071

Attributes
  • auth_value

    748f3c67c004f4a994500f05127b4428

Targets

    • Target

      a6dc001178b86faabb5eed1d9086b780d903e6e7752dd6017cd9bd650a97870d

    • Size

      560KB

    • MD5

      dcc6ddc958b4487a5681c9849fa13159

    • SHA1

      d4e71015f3101e84b5064779919438c36fdea40b

    • SHA256

      a6dc001178b86faabb5eed1d9086b780d903e6e7752dd6017cd9bd650a97870d

    • SHA512

      85c50aea35519842a10b133ae4d5ffc195375963543dc970b3489ff427db93af7dd33ec34c7d1256ce9a9a8400c2fb01f309bdb6e42589924871bd7d6ace4409

    • SSDEEP

      12288:UMrGy90PaoR1L4NYJYQ3Og/gbaUoyaBgiBus9FqSNZ:Ky8p4Q8eUoyyg7UES

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks