Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5f23f6acdfc7d00a2eaadafe4a69c8a0.exe

  • Size

    680KB

  • Sample

    230804-17cd1sef44

  • MD5

    5f23f6acdfc7d00a2eaadafe4a69c8a0

  • SHA1

    8d26df7b4eb3a269704110a1dd3ae4943ed5deed

  • SHA256

    10c14c8b65fdeb72ea10c327213f511d0a5de9b456d2a9c937c53964dbc677d6

  • SHA512

    c6811a1c13cbf7c5af6be7fd1bfebe88dc0c1027a9d2260b7a71ee3640321a6b6aa4a80ab3352358f53fe3fffc0ed941295a8fdf159325c204c72df3253c2e27

  • SSDEEP

    12288:iMrsy90Ap8h1euY0nRP149zP8r3c9fE3SFKNU0Gefpgp6lP4B:Ky58HP1WkI983SFoUVef81B

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

micky

C2

77.91.124.172:19071

Attributes
  • auth_value

    748f3c67c004f4a994500f05127b4428

Targets

    • Target

      5f23f6acdfc7d00a2eaadafe4a69c8a0.exe

    • Size

      680KB

    • MD5

      5f23f6acdfc7d00a2eaadafe4a69c8a0

    • SHA1

      8d26df7b4eb3a269704110a1dd3ae4943ed5deed

    • SHA256

      10c14c8b65fdeb72ea10c327213f511d0a5de9b456d2a9c937c53964dbc677d6

    • SHA512

      c6811a1c13cbf7c5af6be7fd1bfebe88dc0c1027a9d2260b7a71ee3640321a6b6aa4a80ab3352358f53fe3fffc0ed941295a8fdf159325c204c72df3253c2e27

    • SSDEEP

      12288:iMrsy90Ap8h1euY0nRP149zP8r3c9fE3SFKNU0Gefpgp6lP4B:Ky58HP1WkI983SFoUVef81B

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks