General

  • Target

    48e809fc93557a4e2143698828ad7042e3cbfadeca1f5e02922e42541da14c20

  • Size

    705KB

  • Sample

    230827-lycabsag7t

  • MD5

    811e7be1721f9e3bda4c791050b9b3de

  • SHA1

    9009e3a0c9747734f69a1c884863e5e582d25161

  • SHA256

    48e809fc93557a4e2143698828ad7042e3cbfadeca1f5e02922e42541da14c20

  • SHA512

    913951d4030469aedb48ab09c8c3619969e393046baa3c26aa7f02508ad1b078ecc56291f2748cb3c494ffd6b1fe516ccb2477c4011e6b73beddad76be4eca7d

  • SSDEEP

    12288:jMrTy90e5nXYj6jkmbgbjqjRCELt4e3H/JwPuzGLvD57wSW:Yyh5Vrbg6joELt4ywOGvDZwz

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

nrava

C2

77.91.124.82:19071

Attributes

  • auth_value

    43fe50e9ee6afb85588e03ac9676e2f7
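The extracted config above gives two network indicators in different shapes (a scheme-less HTTP URL for the Amadey panel, a bare host:port for the RedLine C2) plus the sample's hashes. The following is an added example, not tria.ge output or either family's code: it normalises those indicators and runs constructed proxy, connection and file-hash log lines through them. The log line layouts, the client addresses, file paths and timestamps in `SAMPLE_LOGS` are assumptions made for this illustration; only the C2 addresses and hashes come from the report.

```python
"""IOC matching for the config extracted above (added example, not tria.ge output)."""
import re
from urllib.parse import urlsplit

# Indicators copied from the Malware Config / General sections of this report.
AMADEY_C2_URL = "77.91.68.18/nice/index.php"     # stored without a scheme
REDLINE_C2 = "77.91.124.82:19071"                # host:port
SAMPLE_HASHES = [
    "48e809fc93557a4e2143698828ad7042e3cbfadeca1f5e02922e42541da14c20",  # SHA256
    "811e7be1721f9e3bda4c791050b9b3de",                                  # MD5
]

HEX_HASH = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_c2_url(raw):
    """Return (host, port, lower-cased path) for a URL that may lack a scheme.

    Amadey panels are contacted over plain HTTP, so a missing scheme is assumed
    to be http; the query string is deliberately ignored so that the path
    matches regardless of what the bot appends to it."""
    if "://" not in raw:
        raw = "http://" + raw
    u = urlsplit(raw)
    port = u.port or (443 if u.scheme == "https" else 80)
    return u.hostname, port, (u.path or "/").lower()


class IocSet:
    def __init__(self, amadey_url, redline_hostport, hashes):
        self.http = {parse_c2_url(amadey_url): "amadey"}
        host, _, port = redline_hostport.rpartition(":")
        self.tcp = {(host, int(port)): "redline"}
        # Bare-IP fallback: traffic to a C2 host on another path/port is still a hit.
        self.ips = {parse_c2_url(amadey_url)[0]: "amadey", host: "redline"}
        self.hashes = {h.lower() for h in hashes}

    def match_proxy(self, line):
        """'<ts> <client> <method> <url> <status>' (constructed proxy layout)."""
        parts = line.split()
        if len(parts) >= 5 and parts[3].startswith(("http://", "https://")):
            return self.http.get(parse_c2_url(parts[3]))
        return None

    def match_flow(self, line):
        """'<ts> <src:port> -> <dst:port> <proto>' (constructed flow layout)."""
        m = re.search(r"->\s*(\d+\.\d+\.\d+\.\d+):(\d+)", line)
        return self.tcp.get((m.group(1), int(m.group(2)))) if m else None

    def match_hash(self, line):
        return "sample" if any(h.lower() in self.hashes for h in HEX_HASH.findall(line)) else None

    def match_ip(self, line):
        return next((self.ips[ip] for ip in IPV4.findall(line) if ip in self.ips), None)

    def scan(self, lines):
        """Return (kind, family, line) per matching line; the most specific rule wins."""
        hits = []
        for line in lines:
            for kind, rule in (("http", self.match_proxy), ("tcp", self.match_flow),
                               ("hash", self.match_hash), ("ip", self.match_ip)):
                fam = rule(line)
                if fam:
                    hits.append((kind, fam, line))
                    break
        return hits


# Constructed log lines: the C2 IPs and the MD5 are the report's, everything else is made up.
SAMPLE_LOGS = [
    r"2023-08-27T12:00:58Z file-create C:\Users\bob\AppData\Local\Temp\stage2.exe md5=811e7be1721f9e3bda4c791050b9b3de",
    "2023-08-27T12:01:03Z 10.0.0.5 POST http://77.91.68.18/nice/index.php 200",
    "2023-08-27T12:01:05Z 10.0.0.5:49812 -> 77.91.124.82:19071 tcp",
    "2023-08-27T12:01:09Z 10.0.0.5 GET http://77.91.68.18:80/other.php 404",
    "2023-08-27T12:02:00Z 10.0.0.7 GET https://www.example.com/ 200",
]

if __name__ == "__main__":
    for kind, family, line in IocSet(AMADEY_C2_URL, REDLINE_C2, SAMPLE_HASHES).scan(SAMPLE_LOGS):
        print(f"[{family}/{kind}] {line}")
```

Two design points: the HTTP rule normalises an explicit `:80` and upper-cased path before lookup, so `http://77.91.68.18:80/NICE/index.php?id=1` still hits; and the bare-IP fallback runs last, so the fourth sample line (same host, different path) is reported as an IP hit rather than an Amadey C2 request. IP-only indicators from shared hosting age quickly, so treat the `ip` kind as lower confidence than `http` or `tcp`.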

Targets

    • Target

      48e809fc93557a4e2143698828ad7042e3cbfadeca1f5e02922e42541da14c20

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information and downloading additional payloads.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
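Several of the signatures above (Defender real-time protection tampering, the Run key for persistence, executing a dropped EXE, loading a dropped DLL) are behavioural and can be re-expressed as rules over endpoint telemetry. The following is an added example, not tria.ge's signature logic: it evaluates those four rules over a constructed Sysmon-style event stream. The event field names loosely follow Sysmon event IDs 11 (file create), 13 (registry value set), 1 (process create) and 7 (image load); the paths, PIDs and values in `EVENTS` are made up for this illustration.

```python
"""Behavioural rules for the signatures listed above (added example, not tria.ge's code)."""
import re

DEFENDER_RTP_KEY = re.compile(
    r"\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection$", re.I)
# Value names under that key whose DWORD 1 turns a protection feature off.
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)


def dword_is_one(data):
    """True for Sysmon-style 'DWORD (0x00000001)' or a plain '1'."""
    m = re.search(r"0x([0-9a-f]+)|\b(\d+)$", str(data), re.I)
    if not m:
        return False
    return int(m.group(1), 16) == 1 if m.group(1) else int(m.group(2)) == 1


def detect(events):
    """Return (rule, detail) for each rule hit, in event order.

    Events are dicts with 'type' in {file_create, reg_set, proc_create,
    image_load}. file_create events populate the 'dropped' map that the
    execute/load rules consult, so the stream must be in time order."""
    dropped = {}   # lower-cased path -> pid that wrote it
    hits = []
    for ev in events:
        t = ev["type"]
        if t == "file_create":
            dropped[ev["target"].lower()] = ev["pid"]
        elif t == "reg_set":
            key, value, data = ev["key"], ev["value"], ev["data"]
            if (DEFENDER_RTP_KEY.search(key)
                    and value.lower() in DEFENDER_DISABLE_VALUES
                    and dword_is_one(data)):
                hits.append(("defender_rtp_disabled",
                             f"{key}\\{value} = {data} by pid {ev['pid']}"))
            elif RUN_KEY.search(key):
                hits.append(("run_key_persistence",
                             f"{key}\\{value} = {data} by pid {ev['pid']}"))
        elif t == "proc_create":
            img = ev["image"].lower()
            if img in dropped:
                hits.append(("executes_dropped_exe",
                             f"{ev['image']} (written by pid {dropped[img]})"))
        elif t == "image_load":
            img = ev["image"].lower()
            if img in dropped and img.endswith(".dll"):
                hits.append(("loads_dropped_dll",
                             f"{ev['image']} into pid {ev['pid']}"))
    return hits


# Constructed event stream: a dropper (pid 100) writes two files, the dropped EXE (pid 101)
# disables Defender real-time monitoring, persists via HKCU Run and loads the dropped DLL.
EVENTS = [
    {"type": "file_create", "pid": 100, "target": r"C:\Users\bob\AppData\Local\Temp\stage2.exe"},
    {"type": "file_create", "pid": 100, "target": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
    {"type": "proc_create", "pid": 101, "ppid": 100, "image": r"C:\Users\bob\AppData\Local\Temp\stage2.exe"},
    {"type": "reg_set", "pid": 101,
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": "DWORD (0x00000001)"},
    {"type": "reg_set", "pid": 101, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "stage2", "data": r"C:\Users\bob\AppData\Local\Temp\stage2.exe"},
    {"type": "image_load", "pid": 101, "image": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 101, "image": r"C:\Windows\System32\kernel32.dll"},   # not dropped
    {"type": "proc_create", "pid": 102, "ppid": 4, "image": r"C:\Windows\System32\svchost.exe"},  # not dropped
]

if __name__ == "__main__":
    for rule, detail in detect(EVENTS):
        print(f"{rule}: {detail}")
```

The Defender rule keys on the value names that actually disable a feature and on the data being 1, so a product or GPO re-enabling protection (writing 0) does not fire it. The dropped-file rules are stateful: a process creation or DLL load only counts when the image path was written earlier in the same stream, which is what separates "Executes dropped EXE" from ordinary process creation.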

MITRE ATT&CK Enterprise v15

Tasks