General

  • Target

    0118cf76a452338737c7fc4c4d1e63a781671ad4084e4d64da1291763654b571

  • Size

    715KB

  • Sample

    230822-nscp1sbh88

  • MD5

    b2de32d9e9f2fa7cab361479c055cbd0

  • SHA1

    d856c66d5ca730daa06d91bcd0153517864a1f76

  • SHA256

    0118cf76a452338737c7fc4c4d1e63a781671ad4084e4d64da1291763654b571

  • SHA512

    e55484008d986465819911889392cffdf446ffbcd60348ee4f0edfd797edf9788bc1334873a5db6feea1772d5e9ed859e6e7e65d272e3dc815c613565b038839

  • SSDEEP

    12288:yMrny90cm8rA3xZZjOWYQ9ZbAWjDucfAC4f2ZHwpqxd7u/r2B3BG5c:NyVtAZKahAIAC4f2ZHQi7uz2hBmc

Malware Config

Extracted

Family

amadey

Version

S-%lu-

C2

77.91.68.18/nice/index.php

3.87/nice/index.php

Extracted

Family

redline

Botnet

piter

C2

77.91.124.73:19071

Attributes

  • auth_value

    7f92ff466423bb35edbfbc22f78b0bb9

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks