
General

  • Target: 7509416aa5b0abbe9052fde46ea909880a2bb853ca45867c99092d2d156f0e8a
  • Size: 1.4MB
  • Sample: 230827-bw5hzseg48
  • MD5: e9f7d644c1e9700cccd0259334316aa0
  • SHA1: f93f6c24c70253c7623cf04a12b811f074ab5a54
  • SHA256: 7509416aa5b0abbe9052fde46ea909880a2bb853ca45867c99092d2d156f0e8a
  • SHA512: 71f3e347dfd50be619ef2bf7970f17c0e040d67c5e5f1fd5c6d7ef304a78ec779a82aac4b6aa7b6608f06d43d92ede7b37bc18a14838c9d31fce455fcb49b31c
  • SSDEEP: 24576:OyQ+oCc5OVQ2rFecIKze/mAeZQ4L4x9HnlMUBw2HDsVfahr4r0ZBD9UB23LHOhcr:dWl5crYKze/mK4k7+UBw2HDQfat629I4

Malware Config

Extracted

  • Family: amadey
  • Version: 3.87
  • C2: 77.91.68.18/nice/index.php

Extracted

  • Family: redline
  • Botnet: nrava
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 43fe50e9ee6afb85588e03ac9676e2f7

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
