
General

  • Target: 29ea73123e3f421cbd0ebe032acc974de754fd1fe40d497adba54e42ba6cc7bc
  • Size: 282KB
  • Sample: 221223-2z57sshc59
  • MD5: 06668068f58e3d7e100a89dba30e28a7
  • SHA1: 50f45da4d0ea99d8306e9ba3dcf2866c06241f14
  • SHA256: 29ea73123e3f421cbd0ebe032acc974de754fd1fe40d497adba54e42ba6cc7bc
  • SHA512: 5b7d545ad3b2e1adb438f1d4717e950b9ddc88854649fe65d8a0343cb9213e1a570c95845c37901cf1ca0c195ea2b1cf8980b293375d5797d264621feec1d514
  • SSDEEP: 3072:zd8I/LhqtT5BrCdP1DqyUqNFuBe2BwQs9xut1KJ+2lvmvoemHqkXPH8oS8noAY30:H/Lh8zw1Dq2wtUAt1fm8oJoAHk5o

Malware Config

Extracted

  • Family: amadey
  • Version: 3.63
  • C2: amadtrackings.com/g9TTnd3bS/index.php

Targets


    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6
