General

  • Target

    7350bc78f411455f292cba6d010ade5e8e4734c0c251b76238c63328420b49b1exe_JC.exe

  • Size

    560KB

  • Sample

    230806-lpts1sgg85

  • MD5

    97b39aa6fce80cbb379cf410f69d5160

  • SHA1

    94a349b18974ccbc11e25c3efec86a36bfc9355a

  • SHA256

    7350bc78f411455f292cba6d010ade5e8e4734c0c251b76238c63328420b49b1

  • SHA512

    8b907a570efaf4c9aa1466c0bf6fdf2279d21118ea8e8a36943cfecefdc06e16f945a188df291a9d0f32e9ba5b367e348f4d1a937fe75849c137825a1d4c3e7b

  • SSDEEP

    12288:tMruy90vojRuR5EmmrmSNyqEx/YtBy284isgZhFxn:XyyQemrzE5YtByD4iv

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.87

  • C2

    193.233.255.9/nasa/index.php

Extracted

  • Family

    redline

  • Botnet

    micky

  • C2

    77.91.124.172:19071

  • Attributes

    auth_value: 748f3c67c004f4a994500f05127b4428

Targets

    • Target

      7350bc78f411455f292cba6d010ade5e8e4734c0c251b76238c63328420b49b1exe_JC.exe

    • Size

      560KB

    • MD5

      97b39aa6fce80cbb379cf410f69d5160

    • SHA1

      94a349b18974ccbc11e25c3efec86a36bfc9355a

    • SHA256

      7350bc78f411455f292cba6d010ade5e8e4734c0c251b76238c63328420b49b1

    • SHA512

      8b907a570efaf4c9aa1466c0bf6fdf2279d21118ea8e8a36943cfecefdc06e16f945a188df291a9d0f32e9ba5b367e348f4d1a937fe75849c137825a1d4c3e7b

    • SSDEEP

      12288:tMruy90vojRuR5EmmrmSNyqEx/YtBy284isgZhFxn:XyyQemrzE5YtByD4iv

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
