Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289

  • Size

    705KB

  • Sample

    230825-xv5m9aga9v

  • MD5

    e667d67071d3d5b5f3a4436a3d373924

  • SHA1

    caa5d4dfaf43aa2dcd8cd8cf2a202dd9ea403ac8

  • SHA256

    1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289

  • SHA512

    ccea9e50b7ee3476d6a850f3f500bea367b0a6ed1b700393677a4cc0a8a4262bb4b6da345ec5fed98b0d7fac1895e234ad2e783ee9eeb2ebe3f183f043220fb7

  • SSDEEP

    12288:YMrJy90Z4UD72Q//Iigu8ErP1wcFbN81SCbbIR5rKhNcPdKMPDGmxQKFwfl6mFKM:hycD/JntxN81SCbbILGNEKqymxQKal6C

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

jaja

C2

77.91.124.73:19071

Attributes
  • auth_value

    3670179d176ca399ed08e7914610b43c

Targets

    • Target

      1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289

    • Size

      705KB

    • MD5

      e667d67071d3d5b5f3a4436a3d373924

    • SHA1

      caa5d4dfaf43aa2dcd8cd8cf2a202dd9ea403ac8

    • SHA256

      1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289

    • SHA512

      ccea9e50b7ee3476d6a850f3f500bea367b0a6ed1b700393677a4cc0a8a4262bb4b6da345ec5fed98b0d7fac1895e234ad2e783ee9eeb2ebe3f183f043220fb7

    • SSDEEP

      12288:YMrJy90Z4UD72Q//Iigu8ErP1wcFbN81SCbbIR5rKhNcPdKMPDGmxQKFwfl6mFKM:hycD/JntxN81SCbbILGNEKqymxQKal6C

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks