General

  • Target

    9820b41a704852e920de3d3155ff3ccefdf50d623d6fba7e89b6051f58f6a7bd

  • Size

    1.4MB

  • Sample

    230828-n43qksdf2w

  • MD5

    2756657c1645923808846f573005ccf9

  • SHA1

    5d3257fb22b4e270b708acaf4d45dd62f20cf114

  • SHA256

    9820b41a704852e920de3d3155ff3ccefdf50d623d6fba7e89b6051f58f6a7bd

  • SHA512

    5cccbca1833ebff8adbf97bc4d49b31b431e39ccfb30e582e9f6e8e68e496ba8590856791335bd1ed16b7af2a603a824eaef15a904c86e10cc6d6b4b4e830d70

  • SSDEEP

    24576:IyRdbMWlMFf2aL2fVCpKvtZSD7XF2ib5iTFxukqOxLrgSmmSdKYO12CoU0xi9zI3:PPbnlEv29YKvtZSN2ibwxuBOhrgRoYQx

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

stas

C2

77.91.124.82:19071

Attributes

  • auth_value

    db6d96c4eade05afc28c31d9ad73a73c

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
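The three behaviour signatures above and the two extracted C2 entries can be turned into a small replay-style hunt over endpoint telemetry. The following is an added example, not code from the Triage report or from either malware family: it reads Sysmon-style events (ID 1 process create, 3 network connect, 7 image load, 11 file create, 13 registry value set) in key=value form, tracks the sample's process tree, and flags a process that runs a file an ancestor wrote, loads a DLL an ancestor wrote, writes under a CurrentVersion\Run key, or connects to one of the configured C2 sockets. The event lines are constructed for the example (the dropped file names are placeholders; the report does not name them), the Amadey C2 is assumed to be plain HTTP on port 80 because the config gives no scheme, and the RedLine entry is treated as a raw TCP host:port.

```python
"""Replay Sysmon-style events and flag the behaviours/C2s from the Triage report.
Added example; the events below are constructed, not taken from the sandbox run."""
import re
from urllib.parse import urlsplit

# C2 indicators copied from the extracted configs above.
C2_ENTRIES = {
    "amadey": "77.91.68.18/nice/index.php",   # URL without scheme: assumed HTTP/80
    "redline": "77.91.124.82:19071",          # host:port, raw TCP
}


def parse_c2(entry):
    """Split a Triage-style C2 string into (host, port, path).
    The http:// prefix is only a parsing aid for scheme-less entries."""
    parts = urlsplit(entry if "://" in entry else "http://" + entry)
    return parts.hostname, parts.port or 80, parts.path or "/"


# (ip, port) -> family, used to label outbound connections.
C2_SOCKETS = {parse_c2(e)[:2]: fam for fam, e in C2_ENTRIES.items()}

# Constructed events (placeholder names). Fields are key=value, '|' separated.
SAMPLE_EVENTS = """\
id=1|pid=1001|ppid=600|image=C:\\Users\\user\\Desktop\\sample.exe
id=11|pid=1001|target=C:\\Users\\user\\AppData\\Local\\Temp\\drop1.exe
id=11|pid=1001|target=C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
id=1|pid=1002|ppid=1001|image=C:\\Users\\user\\AppData\\Local\\Temp\\drop1.exe
id=7|pid=1002|imageloaded=C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
id=13|pid=1002|target=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Startup|details=C:\\Users\\user\\AppData\\Local\\Temp\\drop1.exe
id=3|pid=1002|dstip=77.91.68.18|dstport=80
id=3|pid=1002|dstip=77.91.124.82|dstport=19071
id=3|pid=1002|dstip=8.8.8.8|dstport=53
id=7|pid=600|imageloaded=C:\\Windows\\System32\\kernel32.dll
"""

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)


def parse_event(line):
    """Turn 'k=v|k=v' into a dict; values may themselves contain '='."""
    return dict(field.split("=", 1) for field in line.split("|"))


def hunt(log_text, root_pid):
    """Return (pid, signature, detail) hits for the process tree rooted at root_pid."""
    tracked = {root_pid}   # pids in the sample's process tree
    dropped = set()        # lower-cased paths written by tracked processes
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        pid = ev["pid"]
        if ev["id"] == "1":
            # Join the tree if spawned by a tracked pid or running a dropped file.
            image = ev["image"].lower()
            if ev["ppid"] in tracked or image in dropped:
                tracked.add(pid)
                if image in dropped:
                    hits.append((pid, "Executes dropped EXE", ev["image"]))
        elif pid not in tracked:
            continue
        elif ev["id"] == "11":
            dropped.add(ev["target"].lower())
        elif ev["id"] == "7" and ev["imageloaded"].lower() in dropped:
            hits.append((pid, "Loads dropped DLL", ev["imageloaded"]))
        elif ev["id"] == "13" and RUN_KEY_RE.search(ev["target"]):
            hits.append((pid, "Adds Run key to start application", ev["target"]))
        elif ev["id"] == "3":
            fam = C2_SOCKETS.get((ev["dstip"], int(ev["dstport"])))
            if fam:
                hits.append((pid, f"Contacts {fam} C2", f"{ev['dstip']}:{ev['dstport']}"))
    return hits


if __name__ == "__main__":
    for pid, sig, detail in hunt(SAMPLE_EVENTS, "1001"):
        print(pid, sig, detail)
```

Run against the constructed log, the five hits all land on the child process 1002: the dropped EXE execution, the dropped DLL load, the Run key write, and one connection to each C2. The DNS lookup to 8.8.8.8 and the kernel32.dll load by an untracked process are ignored, which is the point of scoping to the process tree rather than matching file paths globally.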

MITRE ATT&CK Enterprise v15

Tasks