Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a5c9769f707c8b675bc60692f63318d4e705f57bce1236653cbfb5ae87d7cabc
-
Size
287KB
-
Sample
221225-vptyfseh7y
-
MD5
8f3d9f98ff8a5559b93f96c2ad8fef1b
-
SHA1
b8ea5c58600943fda8f0957006e5c02e8af3ef42
-
SHA256
a5c9769f707c8b675bc60692f63318d4e705f57bce1236653cbfb5ae87d7cabc
-
SHA512
a579b5ff6f105e3ca019472bbaeb95acfcd2fcdaf46712bc6fab4f2fb2c1c5ac20fad9b045ca72d0e638eca4137c0ad686bb20b92950ba7d5b4af3dd4451a999
-
SSDEEP
6144:SfLqrVGgtnsQXjzVvvPwlS+RxgBu7VJ/RgGymI:SWhGgxtjzRj+RAu7VVRkm
Malware Config
Extracted
amadey
3.63
62.204.41.165/g8sjnd3xe/index.php
Targets
-
-
Target
a5c9769f707c8b675bc60692f63318d4e705f57bce1236653cbfb5ae87d7cabc
-
Size
287KB
-
MD5
8f3d9f98ff8a5559b93f96c2ad8fef1b
-
SHA1
b8ea5c58600943fda8f0957006e5c02e8af3ef42
-
SHA256
a5c9769f707c8b675bc60692f63318d4e705f57bce1236653cbfb5ae87d7cabc
-
SHA512
a579b5ff6f105e3ca019472bbaeb95acfcd2fcdaf46712bc6fab4f2fb2c1c5ac20fad9b045ca72d0e638eca4137c0ad686bb20b92950ba7d5b4af3dd4451a999
-
SSDEEP
6144:SfLqrVGgtnsQXjzVvvPwlS+RxgBu7VJ/RgGymI:SWhGgxtjzRj+RAu7VVRkm
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-