Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    49eef199e58bf8a60267d58ece816e6d9d162b184dea2ebb2172c22068738098

  • Size

    1.4MB

  • Sample

    230827-flrllahe31

  • MD5

    5a22f920615069545f5cacb89f24dddd

  • SHA1

    bc46fd49790be457c1f5370a8cd39c9898387863

  • SHA256

    49eef199e58bf8a60267d58ece816e6d9d162b184dea2ebb2172c22068738098

  • SHA512

    1d99f54ec3bdd0375cda19a6926c45cb910707914b645f2fbc2822b0150a14e11e6e0d24af3900aab816d6f481dc287de125abefba738abe56b33f7f704a46b6

  • SSDEEP

    24576:fytgZwwaIh1UKY8rL414Pmgm2lMcmzNMYWQgcwQVwhB/4aB8arTMVu69y8u5PF5:qeZwwR/UKY8rwW7NMzOYWJcdwhuiDrCg

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

nrava

C2

77.91.124.82:19071

Attributes
  • auth_value

    43fe50e9ee6afb85588e03ac9676e2f7

Targets

    • Target

      49eef199e58bf8a60267d58ece816e6d9d162b184dea2ebb2172c22068738098

    • Size

      1.4MB

    • MD5

      5a22f920615069545f5cacb89f24dddd

    • SHA1

      bc46fd49790be457c1f5370a8cd39c9898387863

    • SHA256

      49eef199e58bf8a60267d58ece816e6d9d162b184dea2ebb2172c22068738098

    • SHA512

      1d99f54ec3bdd0375cda19a6926c45cb910707914b645f2fbc2822b0150a14e11e6e0d24af3900aab816d6f481dc287de125abefba738abe56b33f7f704a46b6

    • SSDEEP

      24576:fytgZwwaIh1UKY8rL414Pmgm2lMcmzNMYWQgcwQVwhB/4aB8arTMVu69y8u5PF5:qeZwwR/UKY8rwW7NMzOYWJcdwhuiDrCg

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks