
General

  • Target

    ec51637688dc99fbc7c40012b492c7fa177ed266237c2ec0315a84f48c859cd9

  • Size

    1005KB

  • Sample

    231011-lthasaeg8w

  • MD5

    d3e98d9c5bd5fe114e86549dad1dabd0

  • SHA1

    be978bb2cd249284a5d12e53a84688b7d03f7437

  • SHA256

    7a4e530072b3a75d6dc96b8d2c7bcbc08dbad8bf869ee28ae4dd46fb151b22e0

  • SHA512

    8fba949051f09a71dc09362d48a288bcf346acbbde0a575644ee8c4ff7e854fa57c8cf024106b5ee83125aeaa94f52bbd0a3447788c552544bb66a9110aabd68

  • SSDEEP

    24576:+xyTng9nEwOkVqxWzySuYlkbwiz/ZLo6aq:+k7ogA1fJ0Aq

Malware Config

Extracted

Family

redline

Botnet

gruha

C2

77.91.124.55:19071

Attributes
  • auth_value

    2f4cf2e668a540e64775b27535cc6892

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

http://77.91.68.78/help/index.php

Attributes
  • install_dir

    fefffe8cea

  • install_file

    explonde.exe

  • strings_key

    916aae73606d7a9e02a1d3b47c199688

  • rc4.plain

    006700e5a2ab05704bbb0c589b88924d

  • rc4.plain

    a091ec0a6e22276a96a99c1d34ef679c

Targets

    • Target

      ec51637688dc99fbc7c40012b492c7fa177ed266237c2ec0315a84f48c859cd9

    • Size

      1.0MB

    • MD5

      92e5ddafcf57a441b16a6a6b1c678bf0

    • SHA1

      996c996716a0d5a6c3f11ecdb3a691eb9b7e529f

    • SHA256

      ec51637688dc99fbc7c40012b492c7fa177ed266237c2ec0315a84f48c859cd9

    • SHA512

      7592c46d2fb150fd6dd79b858e5be889e0c3847ef4112f5186072d90e1fc3b14b5ca2dc98a8ef02bb2a4a792965091ba6cfae3f8e4860aeb41bbb1205bac97db

    • SSDEEP

      24576:GyGnEg0gVMJWLq5yRYYv4iLIy/fLovwljl:VsM47JlLIy

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
