General

  • Target

    x3950412.exe

  • Size

    706KB

  • Sample

    230821-fgljsaah92

  • MD5

    1cf8338e3f149d8139ec88161b591045

  • SHA1

    8d6874c50e201cbf3384461c5e1b01f1197fc622

  • SHA256

    4b73c3674a864ee1a2c341534023f82b7990fe3f5e8cba41819eba74df146b0b

  • SHA512

    5d83c48e7d3a575c1f5336c51597182793e6fc9ad101c00e0abfeebbd05643b8226a69d44e3e180e85a6a5ba0b4d7580b5db2d08c29e2ca1c1ae5556fb0b726b

  • SSDEEP

    12288:NMr2y90bOZu/dVon748KLOf/4DCB+MCLbKdSstrblwr1Ud+SlXnPSG6KFhoK4:3yaV/TvLdCBNCLOdBtwRPSFb6KFeD

Malware Config

Extracted

  • Family

    amadey

  • Version

    S-%lu-

  • C2

    77.91.68.18/nice/index.php

    3.87/nice/index.php

Extracted

  • Family

    redline

  • Botnet

    chang

  • C2

    77.91.124.73:19071

  • Attributes

    auth_value: 92b880db64e691d6bb290d1536ce7688

Targets

    • Target

      x3950412.exe

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
