Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e5fa0db5f9ebee792f17dee722844ff9.bin
-
Size
687KB
-
Sample
230820-ct4z4sef8w
-
MD5
321872440b7a5b9a29e0f324a453bc83
-
SHA1
e3b6f87db044746ae31b10f6558e0e897148b8e9
-
SHA256
81bc0f746b489e0d184489f03a15b04d92bb83a57874552664c3f05199f0e008
-
SHA512
7bee96bc1653c35002dd63ff2980c587ca69ba0cbcde4584b8d25dbc31095aa9d7033e0ae9d928af3e438087178c99f05f431e4e84bbdf85cdb8e9dffefc6294
-
SSDEEP
12288:fykTU2drluTkJa7hsOvJhIfu8ABp/s46Tb+02ckmq/kUweOW/JynU3:pUixuTkJdGTIfFA3wb7tkmGkUweOM
Malware Config
Extracted
amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php
Extracted
redline
dugin
77.91.124.73:19071
-
auth_value
7c3e46e091100fd26a6076996d374c28
Targets
-
-
Target
1ea4e314a02d324d66f1a09914f0c908b859e2c6ab1f39f72d34129673f95bea.exe
-
Size
731KB
-
MD5
e5fa0db5f9ebee792f17dee722844ff9
-
SHA1
8347501be768fec01eb1c337716e550d0ce0d9bd
-
SHA256
1ea4e314a02d324d66f1a09914f0c908b859e2c6ab1f39f72d34129673f95bea
-
SHA512
d47847786b56f1a6aaa11667d2df666ee9adbc730360af09edbddba104ea1521fb23dc1438d35256501b84b3321cffef3f44b4beaa4e2070276257434ec03fda
-
SSDEEP
12288:wMrEy90fywro8FIMBfkFgM18Tq0ectoW3U/FPD/5Mm6JrR4Lu3:kyyyd8Ky/q8TqVcoW3at5MtJdD
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1