General

  • Target

    77b5cef1f46958b16b21d2fe4836130c1406832002beac168af7cfb3db4713ff

  • Size

    423KB

  • Sample

    221206-z2yjmadg32

  • MD5

    cd334129fb0d8e174eca8566e0e542fe

  • SHA1

    ffd830c762c2015b120acc25a24ecf8331047749

  • SHA256

    77b5cef1f46958b16b21d2fe4836130c1406832002beac168af7cfb3db4713ff

  • SHA512

    be8ee28ccf003ae90201f293e6dc2c704ceafa8dcba40d34a9f353436a8c6a97bde3e6ae8811964847b97c8d8ed593ddb1b08053665ec753fcee092c282becc4

  • SSDEEP

    6144:zicpZRsLJg+alhrpsmriQv89qIV2HUEUEU67bDLAWcoBlCdi1taVe:ziiZ61g+Idps97qIwKEU6fD3cWC+t3

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.133.72/hfk3vK9/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
