Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0

  • Size

    1.4MB

  • Sample

    230831-rj1bhafa8v

  • MD5

    185848d459c0bd5ca310f2e46caeeb0d

  • SHA1

    9b5009e9dfb319f60b335d8c0faaa1e607b9ecae

  • SHA256

    5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0

  • SHA512

    c85de696d2d45c2d595821af5bea31fd785da3946533f53bf6c4ffb60723757369cf26e8b69e96f1aa044bbe17ac5518e367e02a4152b892118e9da756ea9ea5

  • SSDEEP

    24576:2yvU20wDu6vr47mxK3nX8s55PtI/msY2exMW1wmSMGjFwjDkZAS4GDeVyTdQc:Fsh6vr4yxK3nXlA/msY2M1wmSD+D3S55

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Attributes
  • install_dir

    b40d11255d

  • install_file

    saves.exe

  • strings_key

    fa622dfc42544927a6471829ee1fa9fe

rc4.plain

Extracted

Family

redline

Botnet

sruta

C2

77.91.124.82:19071

Attributes
  • auth_value

    c556edcd49703319eca74247de20c236

Targets

    • Target

      5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0

    • Size

      1.4MB

    • MD5

      185848d459c0bd5ca310f2e46caeeb0d

    • SHA1

      9b5009e9dfb319f60b335d8c0faaa1e607b9ecae

    • SHA256

      5ab680cdd080f642e02aeea813c498e5ace44c4138d0917c401f6b48e1698cc0

    • SHA512

      c85de696d2d45c2d595821af5bea31fd785da3946533f53bf6c4ffb60723757369cf26e8b69e96f1aa044bbe17ac5518e367e02a4152b892118e9da756ea9ea5

    • SSDEEP

      24576:2yvU20wDu6vr47mxK3nX8s55PtI/msY2exMW1wmSMGjFwjDkZAS4GDeVyTdQc:Fsh6vr4yxK3nXlA/msY2M1wmSD+D3S55

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks