Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    81f4babb3a6c4021c631cd770e5916fab71321622b45c9770f20d87149bab228

  • Size

    591KB

  • Sample

    230821-w6sbmagh6s

  • MD5

    0902424bc68ecac5e0d8557a89e65a80

  • SHA1

    4154a92f38f3147dde045aa0df1b0f0bcb5a67fb

  • SHA256

    81f4babb3a6c4021c631cd770e5916fab71321622b45c9770f20d87149bab228

  • SHA512

    7a6371030bf9924e8694c8ea1f3eefb351e9dcc50885f13709d993a5e8124244ad05736964dd8263858e22fdb1d320352996a344d5ca7f82f63a7e833cdbb82d

  • SSDEEP

    12288:2MrPy90/MFGHS1V2M52Mqxa49ZFBLfjSWhtS:ZysHS1AM5tqo+vBLfjS7

Malware Config

Extracted

Family

amadey

Version

S-%lu-

C2

77.91.68.18/nice/index.php

3.87/nice/index.php

Extracted

Family

redline

Botnet

lang

C2

77.91.124.73:19071

Attributes
  • auth_value

    92c0fc2b7a8b3fc5a01baa1abf31c42a

Targets

    • Target

      81f4babb3a6c4021c631cd770e5916fab71321622b45c9770f20d87149bab228

    • Size

      591KB

    • MD5

      0902424bc68ecac5e0d8557a89e65a80

    • SHA1

      4154a92f38f3147dde045aa0df1b0f0bcb5a67fb

    • SHA256

      81f4babb3a6c4021c631cd770e5916fab71321622b45c9770f20d87149bab228

    • SHA512

      7a6371030bf9924e8694c8ea1f3eefb351e9dcc50885f13709d993a5e8124244ad05736964dd8263858e22fdb1d320352996a344d5ca7f82f63a7e833cdbb82d

    • SSDEEP

      12288:2MrPy90/MFGHS1V2M52Mqxa49ZFBLfjSWhtS:ZysHS1AM5tqo+vBLfjS7

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks