General

  • Target: file.exe
  • Size: 287KB
  • Sample: 221216-kz2e6see22
  • MD5: 1a97c4406f348d25ead8d0602ad4bc76
  • SHA1: 22e5a1098ab941bd29ccc584535db7e70dea21d7
  • SHA256: d8f86de2df70991a48c9833e906bf0d39d731335e3055ecc1a32b150a5296709
  • SHA512: 2588e5c8b1e69f3d26e08abc19f4de8baa647afca3766ac0b6587ef1dc7830350d0e4246230d5a5a10fd8049af65d0cca394aad2df6f4b9a31a1bf1d400d12a6
  • SSDEEP: 6144:tUk2LiaIHxnaoo2WoBUqraScFELtf8qMrc:tUk2eaSxnaz3qujELx8n

Malware Config

Extracted

  • Family: amadey
  • Version: 3.60
  • C2: 62.204.41.79/fb73jc3/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks