General

  • Target

    0db954ffb816a6d73c6643a3c18a341b189e3482d54ea815b95337ade886aa72

  • Size

    556KB

  • Sample

    230805-e6n6jaha5s

  • MD5

    869bccb4847fb9a453ba867c34261a95

  • SHA1

    8f94dc8d5f2be1a11ad4e3374a80164caeac62e6

  • SHA256

    0db954ffb816a6d73c6643a3c18a341b189e3482d54ea815b95337ade886aa72

  • SHA512

    6b5c39ec31345ec9f8f199121e45589150e601363c6608fa02c0d16580cdc7b22dacd56560392705d7ff01b178686359c972e45d093f304d8d218250cbbbecfa

  • SSDEEP

    12288:7Mr8y90wzlpeB5hsiSpcrlw16mSOtR7Sz/i1vM9jEbLlglsi06:zyFhEPJyYjOI8MRvG6

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

micky

C2

77.91.124.172:19071

Attributes
  • auth_value

    748f3c67c004f4a994500f05127b4428

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
