General
- Target: 952516f9329a78c22dd4616690e1da1d468876a5a5d7410bf3b087d2bd65eec4.exe
- Size: 367KB
- Sample: 221216-v187hshh8w
- MD5: 17988a22cb3105fae2488f11a38e55e7
- SHA1: ded099d65110a6be60931ae3e46d14c24ef562e6
- SHA256: 952516f9329a78c22dd4616690e1da1d468876a5a5d7410bf3b087d2bd65eec4
- SHA512: 0bceec8403c66a7417d9a837e3531c070ccf22f6473845dcd1ba877a26f6469f4dafdfb185e1462165171f476b3b20d2b596c6d676e93ccbf9394e00d3603a56
- SSDEEP: 6144:JYCnsLtk6+k4guyzJGRRpppzgLno2VMzrPrTvt0l0iPvzpQ6ijLxQFiaI:FsBkDtOFKpdgLoBPfv+lxnzpQ6ijqF
Static task: static1
Behavioral task: behavioral1
- Sample: 952516f9329a78c22dd4616690e1da1d468876a5a5d7410bf3b087d2bd65eec4.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 952516f9329a78c22dd4616690e1da1d468876a5a5d7410bf3b087d2bd65eec4.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: amadey
- Version: 3.60
- C2: 62.204.41.79/fb73jc3/index.php
Targets
- Target: 952516f9329a78c22dd4616690e1da1d468876a5a5d7410bf3b087d2bd65eec4.exe (367KB; hashes as listed under General above)
Score: 10/10
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
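The indicators above (file hashes, the extracted Amadey 3.60 C2, and the behavioural signatures) can be turned into a small triage script. The block below is an added example and is not code from tria.ge or from the sample; it compares a file's digests against the hashes reported here and runs simple detection rules over constructed telemetry lines. The event line format (`pid=... op=... target=...`) is invented for the example, the registry paths for the country code (`Control Panel\International\Geo\Nation`) and Outlook profiles (`...\Outlook\Profiles`) are assumptions, since the report only says the sample reads the configured country code and accesses Outlook profiles, and the sample event lines are constructed, not captured from the sandbox run.

```python
"""Triage helper built from the tria.ge report's indicators (added example, not tria.ge code)."""
import hashlib
import re
from pathlib import Path

# Hashes copied verbatim from the report.
REPORT_HASHES = {
    "md5": "17988a22cb3105fae2488f11a38e55e7",
    "sha1": "ded099d65110a6be60931ae3e46d14c24ef562e6",
    "sha256": "952516f9329a78c22dd4616690e1da1d468876a5a5d7410bf3b087d2bd65eec4",
    "sha512": "0bceec8403c66a7417d9a837e3531c070ccf22f6473845dcd1ba877a26f6469f"
              "4dafdfb185e1462165171f476b3b20d2b596c6d676e93ccbf9394e00d3603a56",
}
# Amadey 3.60 C2 from the report's extracted config.
C2_HOST = "62.204.41.79"
C2_PATH = "/fb73jc3/index.php"


def hash_bytes(data: bytes) -> dict:
    """Compute md5/sha1/sha256/sha512 hex digests for a buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path) -> dict:
    return hash_bytes(Path(path).read_bytes())


def match_report_hashes(digests: dict) -> dict:
    """True per algorithm when the computed digest equals the reported one."""
    return {name: digests.get(name) == value for name, value in REPORT_HASHES.items()}


# Assumed registry locations: the report does not name the keys it saw.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
OUTLOOK_PROFILES_RE = re.compile(r"\\Outlook\\Profiles(\\|$)", re.I)
# "Executes dropped EXE": a new process started from a user-writable drop location.
DROPPED_EXE_RE = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\[^\\]+\.exe$", re.I)
# "Blocklisted process makes network request": contact with the extracted C2 URL.
C2_RE = re.compile(re.escape(C2_HOST) + re.escape(C2_PATH), re.I)

# (rule name, event operations it applies to, pattern on the event target)
RULES = [
    ("c2_beacon", {"http_request"}, C2_RE),
    ("geofence_registry_lookup", {"reg_query"}, GEO_NATION_RE),
    ("outlook_profile_access", {"reg_open", "reg_query"}, OUTLOOK_PROFILES_RE),
    ("dropped_exe_executed", {"create_process"}, DROPPED_EXE_RE),
]

# Invented telemetry line format for this example.
EVENT_RE = re.compile(r"^pid=(?P<pid>\d+)\s+op=(?P<op>\S+)\s+target=(?P<target>.+)$")


def parse_event(line: str):
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {"pid": int(m["pid"]), "op": m["op"], "target": m["target"]}


def triage_events(lines) -> dict:
    """Map each rule that fired to the event targets that triggered it."""
    hits = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # ignore lines that are not telemetry
        for name, ops, pattern in RULES:
            if ev["op"] in ops and pattern.search(ev["target"]):
                hits.setdefault(name, []).append(ev["target"])
    return hits


def score(hits: dict) -> str:
    """Crude verdict: C2 contact alone is conclusive, otherwise require two behaviours."""
    if "c2_beacon" in hits:
        return "malicious"
    if len(hits) >= 2:
        return "suspicious"
    return "clean"


# Constructed sample events (not captured from the sandbox run).
SAMPLE_EVENTS = [
    r"pid=1208 op=reg_query target=HKCU\Control Panel\International\Geo\Nation",
    r"pid=1208 op=http_request target=http://62.204.41.79/fb73jc3/index.php",
    r"pid=1208 op=file_write target=C:\Users\user\AppData\Local\Temp\module.dll",
    r"pid=1208 op=create_process target=C:\Users\user\AppData\Roaming\update.exe",
    r"pid=2044 op=reg_open target=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
    r"pid=3320 op=http_request target=https://www.microsoft.com/",
    "not an event line",
]

if __name__ == "__main__":
    found = triage_events(SAMPLE_EVENTS)
    for rule, targets in found.items():
        print(rule, "->", targets)
    print("verdict:", score(found))
```

Replace `SAMPLE_EVENTS` with real process/registry/network telemetry in the same shape, and call `hash_file()` on a suspect binary to check it against the reported digests; SSDEEP is deliberately left out because it needs a native library, and exact digests already settle whether the file is this sample.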