General

  • Target

    0d63ae41ebd3569f6469bb8893a5acf3816f1b4b177c89210e0b69453c5b333e

  • Size

    361KB

  • Sample

    221102-fna2maaben

  • MD5

    237ba2b42480f768697f6728e5690230

  • SHA1

    48121e6fd277f9ad0066550b8214dada4baa980a

  • SHA256

    0d63ae41ebd3569f6469bb8893a5acf3816f1b4b177c89210e0b69453c5b333e

  • SHA512

    0bf04f6b088552829c5701cafdf0a58ca32d9427f4683d355f3ca69515b2cf4344128d30534f890952b410caf395a60c3ed768b1c24dac04ff47344275ba7a60

  • SSDEEP

    3072:HH8gbGUoly3Lc5StZ9icreSq1xROifqOAkDpwmQoz7SP6LpoI9wjWzVggjcGkNIq:n8gbIy7jQSqpOi1wmerImjm7ITsqF

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application
