General

  • Target: e5fa0db5f9ebee792f17dee722844ff9.bin
  • Size: 687KB
  • Sample: 230820-ct4z4sef8w
  • MD5: 321872440b7a5b9a29e0f324a453bc83
  • SHA1: e3b6f87db044746ae31b10f6558e0e897148b8e9
  • SHA256: 81bc0f746b489e0d184489f03a15b04d92bb83a57874552664c3f05199f0e008
  • SHA512: 7bee96bc1653c35002dd63ff2980c587ca69ba0cbcde4584b8d25dbc31095aa9d7033e0ae9d928af3e438087178c99f05f431e4e84bbdf85cdb8e9dffefc6294
  • SSDEEP: 12288:fykTU2drluTkJa7hsOvJhIfu8ABp/s46Tb+02ckmq/kUweOW/JynU3:pUixuTkJdGTIfFA3wb7tkmGkUweOM

Malware Config

Extracted
  • Family: amadey
  • Version: S-%lu-
  • C2: 77.91.68.18/nice/index.php
  • C2: 3.87/nice/index.php

Extracted
  • Family: redline
  • Botnet: dugin
  • C2: 77.91.124.73:19071
  • Attributes
    • auth_value: 7c3e46e091100fd26a6076996d374c28

Targets

    • Target: 1ea4e314a02d324d66f1a09914f0c908b859e2c6ab1f39f72d34129673f95bea.exe
    • Size: 731KB
    • MD5: e5fa0db5f9ebee792f17dee722844ff9
    • SHA1: 8347501be768fec01eb1c337716e550d0ce0d9bd
    • SHA256: 1ea4e314a02d324d66f1a09914f0c908b859e2c6ab1f39f72d34129673f95bea
    • SHA512: d47847786b56f1a6aaa11667d2df666ee9adbc730360af09edbddba104ea1521fb23dc1438d35256501b84b3321cffef3f44b4beaa4e2070276257434ec03fda
    • SSDEEP: 12288:wMrEy90fywro8FIMBfkFgM18Tq0ectoW3U/FPD/5Mm6JrR4Lu3:kyyyd8Ky/q8TqVcoW3at5MtJdD

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks