General

  • Target

    2b547226e67c6d92e6692fb6fe19f01c7d8113e12e0f2eba1fb5daa563b1c4a9.exe

  • Size

    358KB

  • Sample

    221103-p3112acehm

  • MD5

    2bcab13ba12b586b0c3c2b4579803836

  • SHA1

    42f0a3f7acfb6b9be5490049b9ca8fd8d4df9553

  • SHA256

    2b547226e67c6d92e6692fb6fe19f01c7d8113e12e0f2eba1fb5daa563b1c4a9

  • SHA512

    8d4647ba1f6cb55061fc36bc606c2978ffe8d28ee8deafc4d40788434c5b21912e1e29ba4ff75243b8d3f21c4fe2de3d51920f0d00a2aac299f6abd519bf4a1e

  • SSDEEP

    6144:qiZY8hcK7iSZdGLbPhh6OjzfSPP47ITsq:vZYTiZcfFSo7

Malware Config

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofencing check.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
