Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594

  • Size

    1.4MB

  • Sample

    230827-jvqmfagc29

  • MD5

    007f9f8c2c4f960b7f0b81667ba0521a

  • SHA1

    4807e340be2870eac0b4fd30d0b7a10288ca0b8d

  • SHA256

    5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594

  • SHA512

    66bc59160d48985fc731e742f81843fb3bcc9c0c326a421030c9a92d63253bee8769dd93f0adbb164bce34a9423c1207732b97c5b5319cbd80a8943117a8456d

  • SSDEEP

    24576:uyPeO9ldNOq7jKR3RB26k0q6HKvKcMUDStiRCH5k8XC6YIKs55gf9Fm1D:9h9bwdR3/RkKKvKcMU2KCHi8yRIT55k

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

nrava

C2

77.91.124.82:19071

Attributes
  • auth_value

    43fe50e9ee6afb85588e03ac9676e2f7

Targets

    • Target

      5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594

    • Size

      1.4MB

    • MD5

      007f9f8c2c4f960b7f0b81667ba0521a

    • SHA1

      4807e340be2870eac0b4fd30d0b7a10288ca0b8d

    • SHA256

      5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594

    • SHA512

      66bc59160d48985fc731e742f81843fb3bcc9c0c326a421030c9a92d63253bee8769dd93f0adbb164bce34a9423c1207732b97c5b5319cbd80a8943117a8456d

    • SSDEEP

      24576:uyPeO9ldNOq7jKR3RB26k0q6HKvKcMUDStiRCH5k8XC6YIKs55gf9Fm1D:9h9bwdR3/RkKKvKcMU2KCHi8yRIT55k

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks