General

  • Target

    b86284e00bd424856e31fd9d073c390182591a4b8ac1d763a1b8dae035d51de2

  • Size

    731KB

  • Sample

    230815-pynvxaag85

  • MD5

    a60e0cf992a718a636f0dc795ecae5af

  • SHA1

    df83adb74ea7aca5546be4e2282524fefc9c4735

  • SHA256

    b86284e00bd424856e31fd9d073c390182591a4b8ac1d763a1b8dae035d51de2

  • SHA512

    ef8534528bf2eb634966e3e64c564831843e30c774a26eb5664d2ed7ee2d17e8e32a3d579526609cbfd908f121f7981208faf23484d5945da85358fc1f2a189e

  • SSDEEP

    12288:7MrZy90Eptx5OcPeOgVh4AIonf6SC/bxL9q7bEgDcq1h1cc6/Fk/rmtKY:ayVpROM848Y1xq7bEgAshhokjwR

Malware Config

Extracted

Family

amadey

Version

S-%lu-

C2

77.91.68.18/nice/index.php

3.87/nice/index.php

Extracted

Family

redline

Botnet

meson

C2

77.91.124.54:19071

Attributes
  • auth_value

    47ca57ebe5c142c9ad4650f71bf57877

Targets

    • Target

      b86284e00bd424856e31fd9d073c390182591a4b8ac1d763a1b8dae035d51de2

    • Size

      731KB

    • MD5

      a60e0cf992a718a636f0dc795ecae5af

    • SHA1

      df83adb74ea7aca5546be4e2282524fefc9c4735

    • SHA256

      b86284e00bd424856e31fd9d073c390182591a4b8ac1d763a1b8dae035d51de2

    • SHA512

      ef8534528bf2eb634966e3e64c564831843e30c774a26eb5664d2ed7ee2d17e8e32a3d579526609cbfd908f121f7981208faf23484d5945da85358fc1f2a189e

    • SSDEEP

      12288:7MrZy90Eptx5OcPeOgVh4AIonf6SC/bxL9q7bEgDcq1h1cc6/Fk/rmtKY:ayVpROM848Y1xq7bEgAshhokjwR

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks