Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d9cbb8b59cb294437a95d632bd67bd95.exe
-
Size
268KB
-
Sample
221007-yd39jadce9
-
MD5
d9cbb8b59cb294437a95d632bd67bd95
-
SHA1
4660e342a02c6084ca69d84ac74ca7353befbca7
-
SHA256
dcdd0cd8d4a274600c01db970c804976b8d56911111250786be99d8aa7dd094c
-
SHA512
17f7b229083e623c70708aececde8f9e846364dad6c072668e8138978344d030379eaad271043dffbbb92ef1c7c00254a0db9d6afe42c508333d1730d893b7e3
-
SSDEEP
3072:bXN1fhc0WNE7PalYhMm5WlbkvEfjsUK9St9k8AvNpPIcc2V788VggjcGkNIVqIx/:zTZtalYCp6EfQUWoKv/s2uI7ITsqe4
Malware Config
Targets
-
-
Target
d9cbb8b59cb294437a95d632bd67bd95.exe
-
Size
268KB
-
MD5
d9cbb8b59cb294437a95d632bd67bd95
-
SHA1
4660e342a02c6084ca69d84ac74ca7353befbca7
-
SHA256
dcdd0cd8d4a274600c01db970c804976b8d56911111250786be99d8aa7dd094c
-
SHA512
17f7b229083e623c70708aececde8f9e846364dad6c072668e8138978344d030379eaad271043dffbbb92ef1c7c00254a0db9d6afe42c508333d1730d893b7e3
-
SSDEEP
3072:bXN1fhc0WNE7PalYhMm5WlbkvEfjsUK9St9k8AvNpPIcc2V788VggjcGkNIVqIx/:zTZtalYCp6EfQUWoKv/s2uI7ITsqe4
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-