Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
-
Size
278KB
-
Sample
221225-ak48eaah33
-
MD5
946f67d81f0a0eb16319e583de94a4af
-
SHA1
83d9bf21f17fcd2aa0b0a133ffed35825fedc9b7
-
SHA256
64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
-
SHA512
7d89622cfdf1c1967d9631438746bae51769eb47adbd71225d04aba600fb50982983addaea83479f2ae944f038db45a3b082002b98b33be2b9e9938496abc651
-
SSDEEP
3072:QqiELFlaIw5gtRXQrzFFGaYPn2ek2E0h4plXeCh2GYNWbsuQg+auDpiN3aRf/ln:L3LFltLS9FDSnuphpNNJQg+aMgKn
Malware Config
Extracted
amadey
3.61
62.204.41.79/U7vfDb3kg/index.php
Targets
-
-
Target
64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
-
Size
278KB
-
MD5
946f67d81f0a0eb16319e583de94a4af
-
SHA1
83d9bf21f17fcd2aa0b0a133ffed35825fedc9b7
-
SHA256
64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
-
SHA512
7d89622cfdf1c1967d9631438746bae51769eb47adbd71225d04aba600fb50982983addaea83479f2ae944f038db45a3b082002b98b33be2b9e9938496abc651
-
SSDEEP
3072:QqiELFlaIw5gtRXQrzFFGaYPn2ek2E0h4plXeCh2GYNWbsuQg+auDpiN3aRf/ln:L3LFltLS9FDSnuphpNNJQg+aMgKn
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-