General

  • Target: 7da2b1437f81aa4440328b044dd8fbeb6c41b016a8d454e6e7159a85e50131e2
  • Size: 731KB
  • Sample: 230818-n1hk8sag7t
  • MD5: 9247a9ff1a6ca7eac5dc5ca4c0ad9980
  • SHA1: 9599a3ceb20fba6e2df21b1231c784ec16779ee8
  • SHA256: 7da2b1437f81aa4440328b044dd8fbeb6c41b016a8d454e6e7159a85e50131e2
  • SHA512: 5e5c2ea10629e3259b24fca7b4f05ef88b3e4fe3d5a54cd8b40815e08c28ad78ffc09c333eb56f645e835307e26f1fdc239e0cad7a3cbff49545f456a5bebc61
  • SSDEEP: 12288:sMrqy90XNMkxZo2OBwV1lLYu116PBphsFGH3msNgqO91RnoQoyJINA9:Oy8NMaZLOBwYujqvXmsSxRnoDux9

Malware Config

Extracted

  • Family: amadey
  • Version: S-%lu-
  • C2:
    • 77.91.68.18/nice/index.php
    • 3.87/nice/index.php

Extracted

  • Family: redline
  • Botnet: dugin
  • C2: 77.91.124.73:19071
  • Attributes:
    • auth_value: 7c3e46e091100fd26a6076996d374c28

Targets

    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Detects Healer an antivirus disabler dropper
    • Healer: Healer is an antivirus disabler dropper.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification
    • Adds Run key to start application
