Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8e7c022557ab5356b8ce5dc735337c838cc6c56365ea1faeb10cc2c94942aa4

  • Size

    560KB

  • Sample

    230805-3wqhlsfc74

  • MD5

    cc22b16c2a8a28c84992c3813ae55628

  • SHA1

    6f6966745e962433a1043642fecfd1a273cea8de

  • SHA256

    f8e7c022557ab5356b8ce5dc735337c838cc6c56365ea1faeb10cc2c94942aa4

  • SHA512

    c1d0ce245ceebaa6878138cffdf742031fd39be2684eb1f4523a6f1edc1abdd416f6f4ec7fc1af68fc23cdaa3d622f60b446dbf7d99b4e8115bb766e9d4332ce

  • SSDEEP

    12288:KMrMy90cjffYWPJjVwYpilrX+dvYzi+rKg1U2C:6y5jffYmMY8z+dwzwO6

Score
10/10
amadeyhealerredlinestealcsavindropperevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

193.233.255.9/nasa/index.php

Extracted

Family

redline

Botnet

savin

C2

77.91.124.156:19071

Attributes
  • auth_value

    a1a05b810428195ab7bb63b132ea0c8d

Extracted

Family

stealc

C2

http://77.73.131.100/a2f524d70db7d1a7.php

Targets

    • Target

      f8e7c022557ab5356b8ce5dc735337c838cc6c56365ea1faeb10cc2c94942aa4

    • Size

      560KB

    • MD5

      cc22b16c2a8a28c84992c3813ae55628

    • SHA1

      6f6966745e962433a1043642fecfd1a273cea8de

    • SHA256

      f8e7c022557ab5356b8ce5dc735337c838cc6c56365ea1faeb10cc2c94942aa4

    • SHA512

      c1d0ce245ceebaa6878138cffdf742031fd39be2684eb1f4523a6f1edc1abdd416f6f4ec7fc1af68fc23cdaa3d622f60b446dbf7d99b4e8115bb766e9d4332ce

    • SSDEEP

      12288:KMrMy90cjffYWPJjVwYpilrX+dvYzi+rKg1U2C:6y5jffYmMY8z+dwzwO6

    Score
    10/10
    amadeyhealerredlinestealcsavindropperevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks