General

  • Target

    d829fc4c9d1f01d8e2cb214292dd34db4c7bf97f70c21.exe

  • Size

    556KB

  • Sample

    230805-gzbb7scb5x

  • MD5

    884f76d9b15d1aea689cf9c8c4f07061

  • SHA1

    f8e76ff39e0943c455a2d06f6ac3baf1e208c5a0

  • SHA256

    d829fc4c9d1f01d8e2cb214292dd34db4c7bf97f70c21b76462b8b3e94a9dd64

  • SHA512

    ca26b5c667146e7530b6f2fe3b5867d222613c3b2a420d536edabc5e76ed3a759e5f91225b5ba20b73aad6abe2625b56547994c19b72377641dd966201952992

  • SSDEEP

    12288:/MrMy905NnXXlwZpjSiC/X+Sx/G/SIdG9nTDUSKcR8Q8A+:ny+llcpe5/X7T0qnTobuy7

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.86

  • C2

    77.91.68.61/rock/index.php

Extracted

  • Family

    redline

  • Botnet

    micky

  • C2

    77.91.124.172:19071

  • Attributes

    auth_value: 748f3c67c004f4a994500f05127b4428

Targets

    • Target

      d829fc4c9d1f01d8e2cb214292dd34db4c7bf97f70c21.exe

    • Size

      556KB

    • MD5

      884f76d9b15d1aea689cf9c8c4f07061

    • SHA1

      f8e76ff39e0943c455a2d06f6ac3baf1e208c5a0

    • SHA256

      d829fc4c9d1f01d8e2cb214292dd34db4c7bf97f70c21b76462b8b3e94a9dd64

    • SHA512

      ca26b5c667146e7530b6f2fe3b5867d222613c3b2a420d536edabc5e76ed3a759e5f91225b5ba20b73aad6abe2625b56547994c19b72377641dd966201952992

    • SSDEEP

      12288:/MrMy905NnXXlwZpjSiC/X+Sx/G/SIdG9nTDUSKcR8Q8A+:ny+llcpe5/X7T0qnTobuy7

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks