
General

  • Target

    85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506

  • Size

    729KB

  • Sample

    230818-h7k22she9s

  • MD5

    157c55e551359c141a1c1380f3ad8117

  • SHA1

    ee1dd78909e9bf11cea9c6f6b520485aa866b246

  • SHA256

    85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506

  • SHA512

    af72c20fa7ba8e49f4ec1c4f6d81dfb0e10dba966b03d440e0fa44e42ea9f6e8e6911843200d8042f663771566a24240285e85e30ed082cb62606fb187418227

  • SSDEEP

    12288:YMr1y90Rjoqzon3xXAUXGP4Sfh+sHmDEDAuijBrUmFk13OWsm9oJEL:tyWjron+5QSUsGDEDXYJbWsQL

Malware Config

Extracted

Family

amadey

Version

S-%lu-

C2

77.91.68.18/nice/index.php

3.87/nice/index.php

Extracted

Family

redline

Botnet

maga

C2

77.91.124.54:19071

Attributes
  • auth_value

    9dd7a0be219be9b6228dc9b4e112b812

Targets

    • Target

      85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506

    • Size

      729KB

    • MD5

      157c55e551359c141a1c1380f3ad8117

    • SHA1

      ee1dd78909e9bf11cea9c6f6b520485aa866b246

    • SHA256

      85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506

    • SHA512

      af72c20fa7ba8e49f4ec1c4f6d81dfb0e10dba966b03d440e0fa44e42ea9f6e8e6911843200d8042f663771566a24240285e85e30ed082cb62606fb187418227

    • SSDEEP

      12288:YMr1y90Rjoqzon3xXAUXGP4Sfh+sHmDEDAuijBrUmFk13OWsm9oJEL:tyWjron+5QSUsGDEDXYJbWsQL

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
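The extracted config and the behaviour signatures above translate directly into hunting logic. What follows is an added example, not tria.ge's code or a tria.ge API: it matches constructed Sysmon-style event records against the file hashes and C2 indicators listed on this page, plus the two registry behaviours the signatures name (Defender real-time protection tampering and Run-key persistence). The event dictionary shape, the tag names and the sample events are assumptions of this example; the second Amadey C2 entry is left out because the page shows it truncated as `3.87/nice/index.php`. The registry key and Defender value names are real Windows locations, not taken from the report.

```python
"""Match host/network telemetry against the indicators from this report.

Added example (not tria.ge code). Events are plain dicts in a constructed,
Sysmon-like shape chosen for this demo; map your own telemetry onto them.
"""
from typing import Dict, Iterable, List
from urllib.parse import urlparse

# Hashes and C2 indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "157c55e551359c141a1c1380f3ad8117",
    "sha1": "ee1dd78909e9bf11cea9c6f6b520485aa866b246",
    "sha256": "85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506",
}
AMADEY_C2_HTTP = {("77.91.68.18", "/nice/index.php")}   # (host, path)
REDLINE_C2_TCP = {("77.91.124.54", 19071)}              # (host, port)

# Real Windows registry locations behind the "Modifies Windows Defender
# Real-time Protection settings" and "Adds Run key" signatures.
DEFENDER_RTP_KEY = r"software\policies\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"


def _norm_key(key: str) -> str:
    """Lower-case a registry path and strip the hive so HKLM/HKCU compare alike."""
    key = key.lower().replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")
    for hive in ("hklm\\", "hkcu\\"):
        if key.startswith(hive):
            return key[len(hive):]
    return key


def match_event(ev: Dict) -> List[str]:
    """Return the indicator tags an event matches (empty list if nothing hits)."""
    tags: List[str] = []
    kind = ev.get("type")

    if kind == "file":
        # Hash comparison is case-insensitive; tools disagree on hex casing.
        for algo, digest in SAMPLE_HASHES.items():
            if ev.get(algo, "").lower() == digest:
                tags.append(f"sample_hash_{algo}")

    elif kind == "network":
        if (ev.get("dst_ip"), ev.get("dst_port")) in REDLINE_C2_TCP:
            tags.append("redline_c2_tcp")
        url = ev.get("url")
        if url:
            parsed = urlparse(url)
            if (parsed.hostname, parsed.path) in AMADEY_C2_HTTP:
                tags.append("amadey_c2_http")

    elif kind == "registry":
        key = _norm_key(ev.get("key", ""))
        value = ev.get("value", "").lower()
        if key == DEFENDER_RTP_KEY and value in DEFENDER_RTP_VALUES and ev.get("data") == 1:
            tags.append("defender_rtp_disabled")
        if key.endswith(RUN_KEY_SUFFIX):
            tags.append("run_key_persistence")

    return tags


def scan(events: Iterable[Dict]) -> Dict[str, int]:
    """Count hits per tag across a stream of events."""
    counts: Dict[str, int] = {}
    for ev in events:
        for tag in match_event(ev):
            counts[tag] = counts.get(tag, 0) + 1
    return counts


# Constructed telemetry for the demo: five events mirroring the report's
# indicators and behaviours, plus two benign events that must not match.
SAMPLE_EVENTS = [
    {"type": "file", "sha256": SAMPLE_HASHES["sha256"].upper(),
     "path": r"C:\Users\u\Downloads\setup.exe"},
    {"type": "network", "dst_ip": "77.91.68.18", "dst_port": 80,
     "url": "http://77.91.68.18/nice/index.php"},
    {"type": "network", "dst_ip": "77.91.124.54", "dst_port": 19071},
    {"type": "registry",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\u\AppData\Local\Temp\dropped.exe"},
    {"type": "network", "dst_ip": "13.107.4.50", "dst_port": 443,
     "url": "https://www.microsoft.com/"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "ShellState", "data": 0},
]

if __name__ == "__main__":
    for tag, n in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{tag}: {n}")
```

The RedLine check keys on host and port only, because that C2 is a raw TCP endpoint in the extracted config; the Amadey check keys on host and URL path, since its C2 is an HTTP gate. The Defender rule requires the value to be set to 1 so that a policy explicitly re-enabling protection does not fire as a hit.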

MITRE ATT&CK Enterprise v15

Tasks