General

  • Target

    1e3ed8f15fba33eb441a07abbe9ed13262454c30a826ed6a074e300ec74b3a02

  • Size

    390KB

  • Sample

    221203-ryzzaada9v

  • MD5

    819540cbe9045d2f904ec6e34c796ef7

  • SHA1

    2383a45f49df859dd72b3fcfa9b6ea23ed363a8e

  • SHA256

    1e3ed8f15fba33eb441a07abbe9ed13262454c30a826ed6a074e300ec74b3a02

  • SHA512

    fd04bd9ed062506061f9accbbf30fe43d05451a2ea994e82c8f561898a18265f74d577135299004797c5aee76ef5d304f4569fd1563f0e6ef8ed6fbbe8682759

  • SSDEEP

    6144:F97IOA3K/uQTj7DeV5r913HNAnMW2RqnbEJ+Y:F90OA3GTvKzr9pcMW3hY

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.50

  • C2

    31.41.244.167/v7eWcjs/index.php
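As an added example (not part of the Triage report), the Python below turns the extracted C2 and the sample's hashes into checks a responder can run: it parses the scheme-less C2 string into host and path, scans proxy-log lines for beacons to it, and compares a file's digests against the sample's. The proxy-log layout and the log lines themselves are constructed for the example, and the buffer hashed at the end is not the real sample, so it will not match.

```python
import hashlib
from urllib.parse import urlsplit

# IOCs copied from this report: the extracted Amadey C2 and the sample's hashes.
AMADEY_C2 = "31.41.244.167/v7eWcjs/index.php"
SAMPLE_HASHES = {
    "md5": "819540cbe9045d2f904ec6e34c796ef7",
    "sha1": "2383a45f49df859dd72b3fcfa9b6ea23ed363a8e",
    "sha256": "1e3ed8f15fba33eb441a07abbe9ed13262454c30a826ed6a074e300ec74b3a02",
}


def parse_c2(c2):
    """Split a scheme-less Triage C2 string into (host, path).

    urlsplit only recognises the host when a scheme is present, so one is
    prepended for parsing if the config string lacks it.
    """
    if "://" not in c2:
        c2 = "http://" + c2
    parts = urlsplit(c2)
    return parts.hostname, parts.path or "/"


def scan_proxy_log(lines, c2=AMADEY_C2):
    """Return (line_number, confidence) for log lines that contact the C2.

    The log layout is an assumption for this example:
    '<timestamp> <client_ip> <method> <url> <status>'.
    A host+path match is the beacon itself; a host-only match is weaker
    but still worth triaging, since the same server may serve other paths.
    """
    host, path = parse_c2(c2)
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the scan
        url = urlsplit(fields[3])
        if url.hostname != host:
            continue
        hits.append((number, "c2 host+path" if url.path == path else "c2 host only"))
    return hits


def file_matches_sample(data):
    """Return the set of algorithms whose digest of `data` equals the sample's.

    Checking more than one algorithm guards against a mis-copied single hash;
    a genuine match returns all three.
    """
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {algo for algo, digest in digests.items() if SAMPLE_HASHES[algo] == digest}


# Constructed proxy log for the example; not taken from the report.
SAMPLE_PROXY_LOG = [
    "2022-12-03T11:02:14Z 10.0.0.21 GET http://example.org/index.html 200",
    "2022-12-03T11:02:20Z 10.0.0.21 POST http://31.41.244.167/v7eWcjs/index.php 200",
    "2022-12-03T11:02:31Z 10.0.0.21 GET http://31.41.244.167/other/file.bin 404",
    "2022-12-03T11:03:02Z 10.0.0.22 GET http://example.org/v7eWcjs/index.php 200",
]

if __name__ == "__main__":
    print(parse_c2(AMADEY_C2))
    print(scan_proxy_log(SAMPLE_PROXY_LOG))
    print(file_matches_sample(b"not the sample"))
```

The fourth log line reuses the C2 path on an unrelated host and is deliberately not reported: the path alone (`index.php`) is far too generic to match on, so the host is the primary key and the path only raises confidence.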

Targets

    • Target

      1e3ed8f15fba33eb441a07abbe9ed13262454c30a826ed6a074e300ec74b3a02

    • Amadey

      Amadey is a simple bot/trojan used primarily to collect reconnaissance information from the infected host and to fetch and run additional payloads.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
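The behavioural signatures above are one-line labels. As an added example, not Triage's own detection code, the Python below shows how the MZ/PE, dropped-file and Outlook-profile checks can be expressed over a sandbox trace. The event format, the process IDs, the file paths and the PE-shaped byte stub are all constructed for this example; the Outlook profiles registry key is the Office 2016+ location under HKCU.

```python
import struct

# Minimal PE-shaped blob, constructed for this example: "MZ" at offset 0 and
# e_lfanew at offset 0x3C pointing to "PE\0\0" at offset 0x40. Not a real binary.
PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20


def is_pe(data):
    """True if `data` has a DOS header whose e_lfanew points at a PE signature.

    A bare "MZ" whose e_lfanew does not land on "PE\0\0" is a DOS-only or
    truncated download; the Windows loader rejects it, so callers can use this
    to separate complete PE payloads from partial ones.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Slicing past the end yields a short string, so an out-of-range
    # e_lfanew simply fails the comparison instead of raising.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def run_signatures(trace):
    """Replay sandbox events and return the names of the signatures that fire.

    Event shapes are an assumption for this example: http_response (body
    bytes), file_write, process_create, image_load and registry_read, each
    tagged with the acting pid. File paths are compared case-insensitively
    because NTFS paths are.
    """
    fired = set()
    dropped = set()  # paths written by a traced process during this run
    for ev in trace:
        kind = ev["type"]
        if kind == "http_response" and ev["body"][:2] == b"MZ":
            # Triage's label is "MZ/PE": the DOS magic alone is enough to fire.
            # is_pe() can be consulted for a stricter, complete-PE variant.
            fired.add("Downloads MZ/PE file")
        elif kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            fired.add("Executes dropped EXE")
        elif kind == "image_load" and ev["path"].lower() in dropped:
            fired.add("Loads dropped DLL")
        elif kind == "registry_read" and "\\outlook\\profiles" in ev["key"].lower():
            fired.add("Accesses Microsoft Outlook profiles")
    return fired


# Constructed trace for the example; the pids, paths and URL are invented.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
TRACE = [
    {"type": "http_response", "pid": 1001, "url": "http://203.0.113.5/dl/payload.bin", "body": PE_STUB},
    {"type": "file_write", "pid": 1001, "path": TMP + r"\dropped.exe"},
    {"type": "file_write", "pid": 1001, "path": TMP + r"\helper.dll"},
    {"type": "process_create", "pid": 1002, "parent": 1001, "image": TMP + r"\DROPPED.EXE"},
    {"type": "image_load", "pid": 1002, "path": TMP + r"\helper.dll"},
    {"type": "image_load", "pid": 1002, "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "registry_read", "pid": 1002, "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
]

if __name__ == "__main__":
    print(is_pe(PE_STUB))
    for name in sorted(run_signatures(TRACE)):
        print(name)
```

The kernel32.dll load in the trace does not fire "Loads dropped DLL" because nothing in the trace wrote it; that provenance check is what separates a dropped module from the hundreds of system DLLs every process loads.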

MITRE ATT&CK Enterprise v6

Tasks