General

  • Target: 64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
  • Size: 278KB
  • Sample: 221225-ak48eaah33
  • MD5: 946f67d81f0a0eb16319e583de94a4af
  • SHA1: 83d9bf21f17fcd2aa0b0a133ffed35825fedc9b7
  • SHA256: 64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
  • SHA512: 7d89622cfdf1c1967d9631438746bae51769eb47adbd71225d04aba600fb50982983addaea83479f2ae944f038db45a3b082002b98b33be2b9e9938496abc651
  • SSDEEP: 3072:QqiELFlaIw5gtRXQrzFFGaYPn2ek2E0h4plXeCh2GYNWbsuQg+auDpiN3aRf/ln:L3LFltLS9FDSnuphpNNJQg+aMgKn

Malware Config

Extracted

  • Family: amadey
  • Version: 3.61
  • C2: 62.204.41.79/U7vfDb3kg/index.php

Targets

    • Target: 64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
    • Size: 278KB
    • MD5: 946f67d81f0a0eb16319e583de94a4af
    • SHA1: 83d9bf21f17fcd2aa0b0a133ffed35825fedc9b7
    • SHA256: 64255385483ede4acab5d8fd9c9a89c23f26d4969602936dcd835b5e52ae01af
    • SHA512: 7d89622cfdf1c1967d9631438746bae51769eb47adbd71225d04aba600fb50982983addaea83479f2ae944f038db45a3b082002b98b33be2b9e9938496abc651
    • SSDEEP: 3072:QqiELFlaIw5gtRXQrzFFGaYPn2ek2E0h4plXeCh2GYNWbsuQg+auDpiN3aRf/ln:L3LFltLS9FDSnuphpNNJQg+aMgKn

    • Amadey
      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Detect Amadey credential stealer module
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Reads local data of messenger clients
      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
    • Accesses Microsoft Outlook profiles
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks