General

  • Target

    25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375

  • Size

    269KB

  • Sample

    221103-qhbfbaaeg7

  • MD5

    c76cf7ee37fd8325eb1cd5d62cd3ceab

  • SHA1

    810dc4679ca40a7ad9ba1e1e7dccb14f5fac53e8

  • SHA256

    25713a5ac6215518bcbfffb54fe880ce6a2fbd56910b0f40b0b1f9fa8168c375

  • SHA512

    ab68b7f4c5ecaff7b5580be76b60e05ac65b3812b03147cf21f9090197f1bb5c4b8581c7f4773a19c47c5d613ddd0c50a3bff5f6684b82ca6e015822e89d2532

  • SSDEEP

    6144:kBI0Af2cL3vOPE1rbXWyXeMhFpcDN38cAJ:kBrAfDOKnnhHcDaH

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
