General

  • Target

    fd016b0f0a876b5fc97df610464984865015fe799b2ff700e672168737e44faa

  • Size

    281KB

  • Sample

    221223-y985nacd2x

  • MD5

    af991d7c2db58e42549976ccb36e5cc7

  • SHA1

    748c8a3a47d7331df0fc2f25a4e891161ec11c2d

  • SHA256

    fd016b0f0a876b5fc97df610464984865015fe799b2ff700e672168737e44faa

  • SHA512

    d57b56ea10ba0abf572ec67a272e0e6b958a4ddd27d9f8d92cfb31191cf9838132b99936f15490ca67acdedaddaae2c4a9239e30adef4d9cd970e0bff7421b2a

  • SSDEEP

    6144:hYPLCzXNHJFXbYGq2x5whJ4X5R158YXeIeYC8o13azHk5o:hg2zXHFXEGqAwhaXXXXeZaQ

Malware Config

Extracted

Family

amadey

Version

3.61

C2

62.204.41.79/U7vfDb3kg/index.php
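The extracted config above gives two things an analyst acts on immediately: the sample's hashes (to confirm a file under investigation is this exact sample) and the C2 endpoint (to search proxy or firewall logs for beacons). The block below, which is an added example and not part of the Triage report or the Amadey malware, loads the report's values as an IOC set and applies them: it hashes a file with the same four algorithms the report lists, and it matches the C2 host and path against constructed proxy-log lines. The log format (timestamp, method, host, path, status) is an assumption made for the example; real logs will need their own field split.

```python
import hashlib

# IOCs copied from the report above (Amadey 3.61 sample).
REPORT_HASHES = {
    "md5": "af991d7c2db58e42549976ccb36e5cc7",
    "sha1": "748c8a3a47d7331df0fc2f25a4e891161ec11c2d",
    "sha256": "fd016b0f0a876b5fc97df610464984865015fe799b2ff700e672168737e44faa",
    "sha512": "d57b56ea10ba0abf572ec67a272e0e6b958a4ddd27d9f8d92cfb31191cf9838132b99936f15490ca67acdedaddaae2c4a9239e30adef4d9cd970e0bff7421b2a",
}
# Triage prints the C2 without a scheme: host, then the script path.
C2 = "62.204.41.79/U7vfDb3kg/index.php"


def split_c2(c2):
    """Split a scheme-less 'host/path' C2 string into (host, '/path')."""
    host, _, path = c2.partition("/")
    return host, "/" + path


def digests(data):
    """Compute every hash algorithm the report lists for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def match_hashes(digest_map):
    """Return the set of algorithms whose digest equals the report's value.

    Any single match identifies the sample; a partial match (e.g. only md5)
    is worth a second look, since md5 collisions are cheap to produce.
    """
    return {name for name, value in digest_map.items()
            if REPORT_HASHES.get(name) == value}


def c2_hits(log_lines):
    """Return log lines whose host and path match the C2 from the config.

    Assumed (constructed) log format: '<ts> <method> <host> <path> <status>'.
    The query string is stripped so '/index.php?x=1' still matches.
    """
    host, path = split_c2(C2)
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line; skip rather than crash
        _ts, _method, log_host, log_path, _status = parts[:5]
        if log_host == host and log_path.split("?", 1)[0] == path:
            hits.append(line)
    return hits


# Constructed proxy-log lines for the example; not taken from the report.
SAMPLE_PROXY_LOG = [
    "2022-12-23T10:00:01Z POST 62.204.41.79 /U7vfDb3kg/index.php 200",
    "2022-12-23T10:00:05Z GET www.example.com /index.php 200",
    "2022-12-23T10:01:07Z POST 62.204.41.79 /U7vfDb3kg/index.php?r=1 200",
    "2022-12-23T10:01:09Z GET 62.204.41.79 /other/path.php 404",
]

if __name__ == "__main__":
    print("C2 host/path:", split_c2(C2))
    print("hits:", len(c2_hits(SAMPLE_PROXY_LOG)))
    print("constructed bytes match report:", match_hashes(digests(b"not the sample")))
```

To check a file on disk, pass `open(path, "rb").read()` to `digests()` and feed the result to `match_hashes()`; an empty set means the file is not this sample even if a filename or size looks familiar.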

Targets

    • Target

      fd016b0f0a876b5fc97df610464984865015fe799b2ff700e672168737e44faa

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the bot runs on this host.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
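The signatures above describe host behaviour rather than static IOCs, so the corresponding detection is a correlation over endpoint telemetry: an executable or DLL written by the sample and then executed or loaded by it (the "Executes dropped EXE" and "Loads dropped DLL" signatures), and a read of the registry locale values (the geofence check). The block below is an added example, not Triage's signature logic. The event schema (timestamp, event type, process, path) is constructed for the example, as are the events themselves; the registry key `HKCU\Control Panel\International` and its `sCountry` value are an assumption about where the country code is read from, since the report does not name the key.

```python
DROPPED_EXT = (".exe", ".dll")

# Assumption (not stated in the report): the locale/country values the sample
# reads live under this key.
GEOFENCE_KEY = r"HKCU\Control Panel\International".lower()


def dropped_then_run(events):
    """Flag executables that are written by one process and later run or loaded.

    Returns (creating_process, dropped_path, consuming_event) for each hit.
    Events are processed in timestamp order so a load that precedes the write
    (a pre-existing file) is not flagged.
    """
    created = {}  # lowercased path -> process that wrote it
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        path = ev["path"].lower()
        if ev["event"] == "FileCreate" and path.endswith(DROPPED_EXT):
            created[path] = ev["proc"]
        elif ev["event"] in ("ProcessCreate", "ImageLoad") and path in created:
            findings.append((created[path], ev["path"], ev["event"]))
    return findings


def geofence_lookups(events):
    """Return the processes that read values under the locale registry key."""
    return [ev["proc"] for ev in events
            if ev["event"] == "RegistryRead"
            and ev["path"].lower().startswith(GEOFENCE_KEY)]


# Constructed endpoint events for the example; not taken from the report.
SAMPLE_EVENTS = [
    {"ts": "2022-12-23T10:00:00Z", "event": "ProcessCreate", "proc": "explorer.exe",
     "path": r"C:\Users\u\Desktop\sample.exe"},
    {"ts": "2022-12-23T10:00:01Z", "event": "FileCreate", "proc": "sample.exe",
     "path": r"C:\Users\u\AppData\Local\Temp\dropped.exe"},
    {"ts": "2022-12-23T10:00:02Z", "event": "FileCreate", "proc": "sample.exe",
     "path": r"C:\Users\u\AppData\Local\Temp\notes.txt"},
    {"ts": "2022-12-23T10:00:03Z", "event": "ProcessCreate", "proc": "sample.exe",
     "path": r"C:\Users\u\AppData\Local\Temp\dropped.exe"},
    {"ts": "2022-12-23T10:00:04Z", "event": "RegistryRead", "proc": "dropped.exe",
     "path": r"HKCU\Control Panel\International\sCountry"},
    {"ts": "2022-12-23T10:00:05Z", "event": "FileCreate", "proc": "dropped.exe",
     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"ts": "2022-12-23T10:00:06Z", "event": "ImageLoad", "proc": "dropped.exe",
     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"ts": "2022-12-23T10:00:07Z", "event": "RegistryRead", "proc": "svchost.exe",
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip"},
]

if __name__ == "__main__":
    for hit in dropped_then_run(SAMPLE_EVENTS):
        print("dropped and executed:", hit)
    print("geofence lookups by:", geofence_lookups(SAMPLE_EVENTS))
```

In a real pipeline the two functions would run over Sysmon event IDs 11 (file create), 1 (process create), 7 (image load) and 13 (registry value read or set) mapped into the same four fields; the path comparison is case-insensitive because Windows paths are.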

MITRE ATT&CK Enterprise v6

Tasks