Windows 7 deprecation notice: Windows 7 will be removed from tria.ge on 2025-03-31
General

  • Target: c8dd662f5fe9264ba051b8f282c48a3ab822d55f7155f9fd4947e360ccfd81ef
  • Size: 1.4MB
  • Sample: 230827-zk1mnafa6x
  • MD5: 6f5a0095d1ed9e7413acaac955a5e5c4
  • SHA1: a062b9783d4eaee98567223df7f10f44f23a246e
  • SHA256: c8dd662f5fe9264ba051b8f282c48a3ab822d55f7155f9fd4947e360ccfd81ef
  • SHA512: af3b14c8a76fd5847f63137a9cbcba8a01c7d1467796585a0cbe4fc11781eb7fa293ccc0ad14ae4d42b22a9748a929ab97e37afa2867afa26955e9d4ce32a018
  • SSDEEP: 24576:yyJhjbWVFO7IySAV74IKhLZVafefiT8+WdjQcYS9xdPVHbip2agA0AiHz0gYff/+:ZJtW/ySAVEIKhLZVyee8+WdjFYS9X96i

Malware Config

Extracted
  • Family: amadey
  • Version: 3.87
  • C2: 77.91.68.18/nice/index.php

Extracted
  • Family: redline
  • Botnet: stas
  • C2: 77.91.124.82:19071
  • Attributes
      • auth_value: db6d96c4eade05afc28c31d9ad73a73c
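
As an added example (not part of the Triage report and not Triage's own tooling), the script below turns the two extracted C2 indicators into log matching. The Amadey C2 is an HTTP URL (host plus a PHP panel path), so it is matched against proxy access-log lines at both full-URL and host level; the RedLine C2 is a bare host:port socket, so it is matched against connection-log lines by destination IP and port. The indicator values and the sample SHA-256 are the ones this report lists; the proxy and connection log formats and every log line are constructed here for illustration.

```python
"""Turn the C2 indicators from the extracted configs into log matching.

Added example for this report; it is not Triage's code. The indicator
values are the ones printed in the "Malware Config" section. The log
lines are constructed for illustration and are not from any real capture.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators exactly as the report prints them.
AMADEY_C2 = "77.91.68.18/nice/index.php"   # Amadey 3.87: HTTP requests to a PHP panel
REDLINE_C2 = "77.91.124.82:19071"          # RedLine: raw TCP host:port
SAMPLE_SHA256 = "c8dd662f5fe9264ba051b8f282c48a3ab822d55f7155f9fd4947e360ccfd81ef"


def split_http_c2(c2):
    """'host/path' -> (host, path). The extracted config omits the scheme."""
    parts = urlsplit("http://" + c2)
    return parts.hostname, parts.path


def split_socket_c2(c2):
    """'host:port' -> (host, int(port))."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


# Constructed proxy access-log lines (Apache/Squid style), not real traffic.
PROXY_LOG = [
    '10.0.0.5 - - [27/Aug/2023:21:05:11 +0000] "POST http://77.91.68.18/nice/index.php HTTP/1.1" 200 312',
    '10.0.0.7 - - [27/Aug/2023:21:05:40 +0000] "GET http://example.org/nice/index.php HTTP/1.1" 200 4011',
    '10.0.0.5 - - [27/Aug/2023:21:06:02 +0000] "GET http://77.91.68.18/nice/ HTTP/1.1" 403 0',
]
# Constructed connection-log lines: ts src_ip src_port dst_ip dst_port proto.
CONN_LOG = [
    "2023-08-27T21:05:13Z 10.0.0.5 49211 77.91.124.82 19071 tcp",
    "2023-08-27T21:05:15Z 10.0.0.9 49300 93.184.216.34 443 tcp",
    "2023-08-27T21:07:30Z 10.0.0.5 49250 77.91.124.82 80 tcp",
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')


def match_proxy_line(line):
    """Return an indicator tag for a proxy line, or None.

    The full URL is the strongest signal; any other request to the C2 host
    still deserves an alert, because the host itself is the indicator.
    """
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("url"))
    c2_host, c2_path = split_http_c2(AMADEY_C2)
    if url.hostname != c2_host:
        return None
    return "amadey_c2_url" if url.path == c2_path else "amadey_c2_host"


def match_conn_line(line):
    """Return an indicator tag for a connection-log line, or None."""
    fields = line.split()
    if len(fields) < 6:
        return None
    dst_ip, dst_port = fields[3], int(fields[4])
    c2_host, c2_port = split_socket_c2(REDLINE_C2)
    if dst_ip != c2_host:
        return None
    return "redline_c2_socket" if dst_port == c2_port else "redline_c2_host"


def scan(proxy_lines, conn_lines):
    """Return (tag, source_ip) for every line that hits an indicator."""
    hits = []
    for line in proxy_lines:
        tag = match_proxy_line(line)
        if tag:
            hits.append((tag, line.split()[0]))
    for line in conn_lines:
        tag = match_conn_line(line)
        if tag:
            hits.append((tag, line.split()[1]))
    return hits


def is_reported_sample(data):
    """True if the bytes hash to the SHA-256 this report lists."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for tag, src in scan(PROXY_LOG, CONN_LOG):
        print(f"{src} -> {tag}")
```

The host-level tags are deliberately separate from the exact-URL and exact-socket tags: a second request to the same panel host (or a connection to the RedLine host on another port) is still the same infrastructure, but it should be scored differently from a hit on the exact indicator when the alerts are tuned.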

Targets

    • Target: c8dd662f5fe9264ba051b8f282c48a3ab822d55f7155f9fd4947e360ccfd81ef (1.4MB; MD5, SHA1, SHA512 and SSDEEP as listed under General)

    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
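
The report records that the sample adds a Run key but does not print the value, so the following added example (not Triage's code) shows how to triage Run-key persistence from a registry export: it parses a constructed `reg export` text of HKCU\...\Run, undoes .reg escaping, extracts the executable from each command line, and flags entries whose executable lives in a user-writable location. The export content and every entry name in it are invented for illustration; the heuristic and the parser are general.

```python
"""Triage Run-key persistence from a registry export.

Added example, not Triage's code: the report only states that the sample
"Adds Run key to start application" and does not print the key value, so
the export below is constructed and its entry names are invented.
"""
import re

# Constructed 'reg export' output (reg.exe writes UTF-16 with a BOM; decode
# a real file before parsing). Values use .reg escaping: \\ and \".
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\update.exe"
"Backup"="\"C:\\Program Files\\Vendor\\backup.exe\" /silent"
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Loader"="\"%APPDATA%\\svc\\host.exe\" -q"
'''

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')

# Path fragments an ordinary user can write to. A Run entry pointing here is
# not proof of malware (per-user installers such as OneDrive live under
# AppData too), but it is what to look at first.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\",
                 "%appdata%", "%localappdata%", "%temp%", "%tmp%")


def parse_run_entries(text):
    """Yield (key, name, command) for values under any ...\\Run or RunOnce key."""
    current = None
    for line in text.splitlines():
        k = KEY_RE.match(line.strip())
        if k:
            current = k.group("key")
            continue
        v = VALUE_RE.match(line.strip())
        if v and current and current.lower().rsplit("\\", 1)[-1] in ("run", "runonce"):
            command = re.sub(r"\\(.)", r"\1", v.group("value"))  # undo .reg escaping
            yield current, v.group("name"), command


def executable_from_command(command):
    """First token of a Windows command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_user_writable(path):
    """True if the path sits under a location a standard user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(text):
    """Return [(name, executable, suspicious)] for every Run/RunOnce value."""
    rows = []
    for _, name, cmd in parse_run_entries(text):
        exe = executable_from_command(cmd)
        rows.append((name, exe, is_user_writable(exe)))
    return rows


def suspicious_names(text):
    """Names of the Run entries worth pulling the binary for."""
    return [name for name, _, flagged in triage(text) if flagged]


if __name__ == "__main__":
    for name, exe, flagged in triage(REG_EXPORT):
        print(f"{'!' if flagged else ' '} {name}: {exe}")
```

Location is only a first filter: on a real host, follow up on each flagged executable by hashing it and checking its signature, and compare the unflagged entries against a known-good baseline, since a dropper can just as well write into a directory the heuristic does not cover.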

MITRE ATT&CK Enterprise v15

Tasks