Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3ca83f296b847c27c4c15049d562ad4ef34258d299b564253bab014944c8b52f
-
Size
421KB
-
Sample
221207-alfansbf8s
-
MD5
b5d63107702a8f092b0d51e31e438697
-
SHA1
5bb8bebe518d5af0a8bb049c213bff9825511605
-
SHA256
3ca83f296b847c27c4c15049d562ad4ef34258d299b564253bab014944c8b52f
-
SHA512
5d5d0c0c2e34a6c8722a3d21e78eff724b3ec92d0ccd974345ed4127331d9dce8cbd2a2ad94a1c085f20783c474de686c70b91b485d2fdc2b68279eeac108d28
-
SSDEEP
6144:0dNaLxM3bQFMln0O2hpavxql/zYeuEhOnwM+qWcoBlCDyj5aVe:0SFM3bQFM5z27ScdzzuEhOnJycWCI3
Malware Config
Extracted
amadey
3.50
62.204.41.6/p9cWxH/index.php
Targets
-
-
Target
3ca83f296b847c27c4c15049d562ad4ef34258d299b564253bab014944c8b52f
-
Size
421KB
-
MD5
b5d63107702a8f092b0d51e31e438697
-
SHA1
5bb8bebe518d5af0a8bb049c213bff9825511605
-
SHA256
3ca83f296b847c27c4c15049d562ad4ef34258d299b564253bab014944c8b52f
-
SHA512
5d5d0c0c2e34a6c8722a3d21e78eff724b3ec92d0ccd974345ed4127331d9dce8cbd2a2ad94a1c085f20783c474de686c70b91b485d2fdc2b68279eeac108d28
-
SSDEEP
6144:0dNaLxM3bQFMln0O2hpavxql/zYeuEhOnwM+qWcoBlCDyj5aVe:0SFM3bQFM5z27ScdzzuEhOnJycWCI3
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-