General

  • Target

    92a4d829c3820330fa994078e55381384f83ca41371e9.exe

  • Size

    555KB

  • Sample

    230804-xn7h9sfb8v

  • MD5

    c90590d4fd83486527e4f9785c416cb5

  • SHA1

    26fae2d85a9e4f9fdb8f86ef77dd91c9063b8ed6

  • SHA256

    92a4d829c3820330fa994078e55381384f83ca41371e9c9e44d3256402d076c1

  • SHA512

    9b4e49519a179e2b974547b581b46fa83da17b33a6549a148843eb72073640968d3ce5ea5a393a3480cea521e1df702f967cad16b3b841ec5cc0653169f8faff

  • SSDEEP

    12288:cMrry905gkqN39oUNXDtFMt8QzRuWsAFdlyW18KqX:nyEgVtHDtFX9WhRblqX

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

micky

C2

77.91.124.172:19071

Attributes
  • auth_value

    748f3c67c004f4a994500f05127b4428
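The two configs extracted above give one HTTP gate (Amadey, written host/path with no scheme) and one raw socket endpoint (RedLine, written host:port). The following is an added example, not code from the report or from Triage, that normalises those two C2 strings into indicators and runs them over a few constructed proxy/flow log lines; the log format, the source addresses, the timestamps and the benign destination are assumptions. It distinguishes a full hit (host plus the config's distinguishing detail) from a host-only hit, because a bare IP is a weaker indicator once the campaign infrastructure is reassigned.

```python
"""Added example (not part of the Triage report): turn the two extracted configs
into network IOCs and match them against constructed proxy/flow log lines."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Values copied verbatim from the report's "Malware Config" section.
EXTRACTED_CONFIGS = [
    {"family": "amadey", "version": "3.86", "c2": ["77.91.68.61/rock/index.php"]},
    {"family": "redline", "botnet": "micky", "c2": ["77.91.124.172:19071"]},
]


@dataclass(frozen=True)
class NetworkIOC:
    family: str
    host: str
    port: Optional[int]   # set for socket C2s (RedLine)
    path: Optional[str]   # set for HTTP gate C2s (Amadey)


def parse_c2(family: str, c2: str) -> NetworkIOC:
    """Normalise a scheme-less C2 string as Triage prints it.

    Amadey C2s are 'host/path'; RedLine C2s are 'host:port'. Prefixing '//'
    makes urlsplit treat the leading token as the netloc, so host, port and
    path come out of one parser without hand-written splitting.
    """
    parts = urlsplit("//" + c2)
    return NetworkIOC(family, parts.hostname, parts.port, parts.path or None)


def build_iocs(configs=EXTRACTED_CONFIGS) -> List[NetworkIOC]:
    return [parse_c2(cfg["family"], c2) for cfg in configs for c2 in cfg["c2"]]


# Constructed log lines (assumption): "timestamp src dst_ip dst_port url-or-dash".
SAMPLE_LOG = """\
2023-08-04T12:00:01Z 10.0.0.15 77.91.68.61 80 http://77.91.68.61/rock/index.php
2023-08-04T12:00:05Z 10.0.0.15 77.91.124.172 19071 -
2023-08-04T12:00:09Z 10.0.0.15 77.91.68.61 443 http://77.91.68.61/other/path
2023-08-04T12:00:12Z 10.0.0.22 93.184.216.34 443 https://example.org/
"""


def match_events(log_text: str,
                 iocs: Optional[List[NetworkIOC]] = None) -> List[Tuple[int, str, str]]:
    """Return (line_no, family, strength) for every line touching an IOC host.

    'full' means the destination host plus the config's distinguishing detail
    (URL path for Amadey, TCP port for RedLine) matched; 'host-only' means only
    the destination IP matched. Treat host-only hits as weaker: the IP may host
    unrelated services or be reassigned after the campaign ends.
    """
    iocs = build_iocs() if iocs is None else iocs
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than abort the scan
        _ts, _src, dst_ip, dst_port, url = fields
        for ioc in iocs:
            if dst_ip != ioc.host:
                continue
            path_hit = (ioc.path is not None and url != "-"
                        and urlsplit(url).path == ioc.path)
            port_hit = (ioc.port is not None and dst_port.isdigit()
                        and int(dst_port) == ioc.port)
            hits.append((line_no, ioc.family,
                         "full" if (path_hit or port_hit) else "host-only"))
    return hits


if __name__ == "__main__":
    for hit in match_events(SAMPLE_LOG):
        print(hit)
```

On the constructed log the first line is a full Amadey gate hit, the second a full RedLine hit, and the third only a host-only hit on the Amadey IP at a different path and port; the last line does not match at all.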

Targets

    • Target

      92a4d829c3820330fa994078e55381384f83ca41371e9.exe

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
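Two of the behaviour signatures above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", map directly onto registry value writes. The following is an added example, not Triage's own signature logic, that evaluates those two behaviours over constructed Sysmon-style registry "value set" (Event ID 13) records; the event shape, process paths, value names written by the sample and the benign events are assumptions, while the Defender value names and the Run key path are the standard Windows locations. It only flags a Defender write that sets the Disable* value to 1, so a re-enable (0) by the Defender service itself does not fire.

```python
"""Added example (not Triage's signature logic): evaluate two behaviour
signatures from this report over constructed Sysmon-style registry events."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed events (assumption), shaped like Sysmon Event ID 13 fields.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Defender's own service restoring the default value; must not fire.
    {"Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe"},
    # Unrelated Explorer setting; must not fire.
    {"Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Any value written under Run or RunOnce in either hive.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Real-time protection switches, both the policy and the non-policy key.
DEFENDER_RTP = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableIOAVProtection|DisableOnAccessProtection)$",
    re.IGNORECASE)

# Sysmon renders DWORD values as "DWORD (0x00000001)".
DWORD = re.compile(r"DWORD \((0x[0-9a-f]+)\)", re.IGNORECASE)

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUN_KEY = "Adds Run key to start application"


def dword_value(details: str) -> Optional[int]:
    """Parse Sysmon's DWORD rendering; None for strings and other types."""
    m = DWORD.fullmatch(details)
    return int(m.group(1), 16) if m else None


def evaluate(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Return (event_index, signature) for every event that matches a rule."""
    hits = []
    for idx, ev in enumerate(events):
        target = ev["TargetObject"]
        # Only a write of 1 disables the protection; 0 is the default/re-enable.
        if DEFENDER_RTP.search(target) and dword_value(ev["Details"]) == 1:
            hits.append((idx, SIG_DEFENDER))
        if RUN_KEY.search(target):
            hits.append((idx, SIG_RUN_KEY))
    return hits


if __name__ == "__main__":
    for idx, sig in evaluate(SAMPLE_EVENTS):
        print(f"event {idx}: {sig} by {SAMPLE_EVENTS[idx]['Image']}")
```

When hunting on real telemetry, the writing process (`Image`) is the field to pivot on: a Defender switch written by something executing from a user's Temp directory, as in the first constructed event, is far more suspect than the same value touched by an administrator's configuration tooling.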

MITRE ATT&CK Enterprise v15

Tasks