General

  • Target

    file

  • Size

    325KB

  • Sample

    221105-287f8acfbp

  • MD5

    ccc9cd1a0772e295f72dbdc593fd1b91

  • SHA1

    673cb93a2ad861349df4ec838a27e19e87a05854

  • SHA256

    7b5a3705613370566fc71e12612c3952c763476a3df5f66c83bea6f64660e3b1

  • SHA512

    242f0bd5afb77feaff5c697c4e960589e1bb80615cc93dcafbb2b10e945f3a14c0d67ad34185104988d6b7cd70cc2e5424e6992270b10079e98604b378d0ecbc

  • SSDEEP

    3072:v5GRgsjPSgA5h45E17LNxEcsEqUhsSz9gjO8hN9fQomjKgvQ/IeXc4yjLUHy3L6n:v3sjKjJlDswsSh679xmjRvyg6yMTW9x

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
