General

  • Target: 17916644ce4dcf5ff237294a4ab966d1cb2c9b3a9f3dcf80a219f5bfd09bb12aexe_JC.exe
  • Size: 556KB
  • Sample: 230806-lb4fasgf48
  • MD5: ee9edbd464feee7463e4670e7299ec51
  • SHA1: 897986186c068dca4b8d341be42befacc78e6703
  • SHA256: 17916644ce4dcf5ff237294a4ab966d1cb2c9b3a9f3dcf80a219f5bfd09bb12a
  • SHA512: d38091adc735b97987fb385cd1f07edc1b0fc289eb5effb83e5f451e608695447fd1c6904a65f085a3f65965e9398c20115f98cf0dff8c3edaa598f3ee1a80ff
  • SSDEEP: 12288:YMr8y901XxATV+leXKpay2B7H8M9YWlm:UyaXxAZtXKpa5B7h9Ycm

Malware Config

Extracted

  • Family: amadey
  • Version: 3.86
  • C2: 77.91.68.61/rock/index.php

Extracted

  • Family: redline
  • Botnet: micky
  • C2: 77.91.124.172:19071
  • Attributes
      • auth_value: 748f3c67c004f4a994500f05127b4428

Targets

    • Target: 17916644ce4dcf5ff237294a4ab966d1cb2c9b3a9f3dcf80a219f5bfd09bb12aexe_JC.exe

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
