Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5

  • Size

    555KB

  • Sample

    230805-1ts5lsgc8x

  • MD5

    12da61e1bb7a1f42ec3a5f9b93efb704

  • SHA1

    38ed54e6f84067c71f99430bb6781a68ff9a3be6

  • SHA256

    626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5

  • SHA512

    34334ee280f9e1ed4ff8bf5c61e9943c6e36aeeb95810315d7f27b8eedcba42d9f28150b10346da13ebc41dc977900a2fc723f6c45b9125b373706716c85b139

  • SSDEEP

    12288:zMryy90FqPp4FH02JurIeg9aAYOCgBYCk0wLd0AZ636+0+y1:pywqCZJiICOzOR0Ac3ha1

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

savin

C2

77.91.124.156:19071

Attributes
  • auth_value

    a1a05b810428195ab7bb63b132ea0c8d

Targets

    • Target

      626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5

    • Size

      555KB

    • MD5

      12da61e1bb7a1f42ec3a5f9b93efb704

    • SHA1

      38ed54e6f84067c71f99430bb6781a68ff9a3be6

    • SHA256

      626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5

    • SHA512

      34334ee280f9e1ed4ff8bf5c61e9943c6e36aeeb95810315d7f27b8eedcba42d9f28150b10346da13ebc41dc977900a2fc723f6c45b9125b373706716c85b139

    • SSDEEP

      12288:zMryy90FqPp4FH02JurIeg9aAYOCgBYCk0wLd0AZ636+0+y1:pywqCZJiICOzOR0Ac3ha1

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks