Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ee2406a131ec6e3d4d8e1f0ddd3cb533221546707b94878e6e55636464ada65d

  • Size

    680KB

  • Sample

    230804-myqcmabf91

  • MD5

    af39a06d112b58d6343e8442416ea389

  • SHA1

    f852716981683a885b9417ce6ff0b4ca74b7fd64

  • SHA256

    ee2406a131ec6e3d4d8e1f0ddd3cb533221546707b94878e6e55636464ada65d

  • SHA512

    f11f51c9c8bb866e0b323ef74a04747cab297776969f10256def189378d54fc6fb5e17c1d0bcfca9402bd4e56cef23dac965f8ef65646599ca85f17a3a0bebd0

  • SSDEEP

    12288:LMrKy90wxWNzFFZZXQDp6krbXxji05oVNLgWP59aFYtH6L6GAj2ELJCsB:5ytxWNRTWkkrbBpaRkSJq6ZB

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

maxik

C2

77.91.124.156:19071

Attributes
  • auth_value

    a7714e1bc167c67e3fc8f9e368352269

Targets

    • Target

      ee2406a131ec6e3d4d8e1f0ddd3cb533221546707b94878e6e55636464ada65d

    • Size

      680KB

    • MD5

      af39a06d112b58d6343e8442416ea389

    • SHA1

      f852716981683a885b9417ce6ff0b4ca74b7fd64

    • SHA256

      ee2406a131ec6e3d4d8e1f0ddd3cb533221546707b94878e6e55636464ada65d

    • SHA512

      f11f51c9c8bb866e0b323ef74a04747cab297776969f10256def189378d54fc6fb5e17c1d0bcfca9402bd4e56cef23dac965f8ef65646599ca85f17a3a0bebd0

    • SSDEEP

      12288:LMrKy90wxWNzFFZZXQDp6krbXxji05oVNLgWP59aFYtH6L6GAj2ELJCsB:5ytxWNRTWkkrbBpaRkSJq6ZB

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks