General

  • Target

    y6660138.exe

  • Size

    433KB

  • Sample

    230816-fzwsgahe6z

  • MD5

    eea8264e4c69ce4cab45a82b83a4e392

  • SHA1

    77133bb847116f86c8de2a9d0b952bf0e93498e4

  • SHA256

    6c6cbccc1d477dee823fc1b15d48518e91f305c6b9295c0743ceee2344d250f1

  • SHA512

    b7aacd88c82f34b6b8306808175e96b78df9257172e87535208156cd565ad9ba364d9eb20bcf985adf935e3c6536e37ac095656ce02d0cb34533986fc8a7005c

  • SSDEEP

    12288:LMr8y90aji+WLFk26cPZAX/0R+8FMxcjk4IJIKUHvU:XyO+WLFkkm58yx4IqvPU

Malware Config

Extracted

Family

amadey

Version

S-%lu-

C2

77.91.68.18/nice/index.php

3.87/nice/index.php

Extracted

Family

redline

Botnet

meson

C2

77.91.124.54:19071

Attributes
  • auth_value

    47ca57ebe5c142c9ad4650f71bf57877

Targets

    • Target

      y6660138.exe

    • Size

      433KB

    • MD5

      eea8264e4c69ce4cab45a82b83a4e392

    • SHA1

      77133bb847116f86c8de2a9d0b952bf0e93498e4

    • SHA256

      6c6cbccc1d477dee823fc1b15d48518e91f305c6b9295c0743ceee2344d250f1

    • SHA512

      b7aacd88c82f34b6b8306808175e96b78df9257172e87535208156cd565ad9ba364d9eb20bcf985adf935e3c6536e37ac095656ce02d0cb34533986fc8a7005c

    • SSDEEP

      12288:LMr8y90aji+WLFk26cPZAX/0R+8FMxcjk4IJIKUHvU:XyO+WLFkkm58yx4IqvPU

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks