
General

  • Target: 96737f712182be8dbff74b514cf8057bf540692009a7e1895626ddfe6dcb5656
  • Size: 1.4MB
  • Sample: 230901-cy3ylsbg3x
  • MD5: 0828dae190caf564b35d342e1d0e244e
  • SHA1: 6ac4d5fdb27f0dda79785a5efc98626c2cca5018
  • SHA256: 96737f712182be8dbff74b514cf8057bf540692009a7e1895626ddfe6dcb5656
  • SHA512: c3861b1de7fac64157f53eb47272c99565be34f1dbd29d04a5bf48248524a46554bf69e41f0b93bf3acaa8d21aececcdcfdf14ed780b9e1f6b3bcf5ff91e2bf9
  • SSDEEP: 24576:pyDjM7QXoFnKOOhiznQjyiDbfF67pLpwO39dhkGc/6o+KDw5pCO9iM6Yfj7td:cMsGKOOhiznQ+iDbf81LpdhkGg0x5pCo

Malware Config

Extracted

  • Family: amadey
  • Version: 3.87
  • C2: 77.91.68.18/nice/index.php
  • Attributes
    • install_dir: b40d11255d
    • install_file: saves.exe
    • strings_key: fa622dfc42544927a6471829ee1fa9fe

rc4.plain

Extracted

  • Family: redline
  • Botnet: jang
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 662102010afcbe9e22b13116b1c1a088

Targets

    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
