General
Target: file.exe
Size: 287KB
Sample: 221216-kz2e6see22
MD5: 1a97c4406f348d25ead8d0602ad4bc76
SHA1: 22e5a1098ab941bd29ccc584535db7e70dea21d7
SHA256: d8f86de2df70991a48c9833e906bf0d39d731335e3055ecc1a32b150a5296709
SHA512: 2588e5c8b1e69f3d26e08abc19f4de8baa647afca3766ac0b6587ef1dc7830350d0e4246230d5a5a10fd8049af65d0cca394aad2df6f4b9a31a1bf1d400d12a6
SSDEEP: 6144:tUk2LiaIHxnaoo2WoBUqraScFELtf8qMrc:tUk2eaSxnaz3qujELx8n
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
amadey
3.60
62.204.41.79/fb73jc3/index.php
Targets
Target: file.exe
Score: 10/10
Detect Amadey credential stealer module
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses Microsoft Outlook profiles