Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

cc6573c4ad...c8.exe

windows7-x64

10

cc6573c4ad...c8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc6573c4ad6f0700c00a02ed4bc305107eecd995f1612be99f07f318017efec8

  • Size

    174KB

  • Sample

    221128-cmh43aga22

  • MD5

    cd4f99f833233fd52a2e7fc838cc9a5a

  • SHA1

    396ab329e9c80ca405e8ee1fb592fdfb712755fe

  • SHA256

    d57f0944d61b9328c314bb1a7eb8142b58658162d8549909f7aa06a464847d21

  • SHA512

    0f70faae8090fbf2d2fe1745052122b314dcd1ed1375c13739262f9c40685a28c30d91fa164c3ed6d9829e1e9cd1d88be66906a9d091e3094f9e68198b6a3197

  • SSDEEP

    3072:AtLiaBRHJFlEf3OwqRDlE9Bd6BQDLNilRwsrRJ4uQmuv7n7AG+KURf:At+a3HJFlEf+BDkaBQXNwwyJ4jmuv7nG

Score
10/10
amadeycollectionspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.194/h49vlBP/index.php

Targets

    • Target

      cc6573c4ad6f0700c00a02ed4bc305107eecd995f1612be99f07f318017efec8

    • Size

      226KB

    • MD5

      cdd4c17bc79e0e111d637b515d7b20df

    • SHA1

      6b644f1606f5a2af380ca1dc720c7eb2fd21b1fc

    • SHA256

      cc6573c4ad6f0700c00a02ed4bc305107eecd995f1612be99f07f318017efec8

    • SHA512

      d7f4ffad5cca735d073e0b4dff54635a62170015a109e18ff227f864654d9f0c7fed76ed3019fd1badc7eedd9046b9bc526d96a20c554e5f6e2480d886eb31ed

    • SSDEEP

      6144:gpKes0N5fHjkaBQXjwwyJ4jmuv7nM12pzn:Xes0NtjNBNL4jV7n5

    Score
    10/10
    amadeycollectionspywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.