General

  • Target

    a5c9769f707c8b675bc60692f63318d4e705f57bce1236653cbfb5ae87d7cabc

  • Size

    287KB

  • Sample

    221225-vptyfseh7y

  • MD5

    8f3d9f98ff8a5559b93f96c2ad8fef1b

  • SHA1

    b8ea5c58600943fda8f0957006e5c02e8af3ef42

  • SHA256

    a5c9769f707c8b675bc60692f63318d4e705f57bce1236653cbfb5ae87d7cabc

  • SHA512

    a579b5ff6f105e3ca019472bbaeb95acfcd2fcdaf46712bc6fab4f2fb2c1c5ac20fad9b045ca72d0e638eca4137c0ad686bb20b92950ba7d5b4af3dd4451a999

  • SSDEEP

    6144:SfLqrVGgtnsQXjzVvvPwlS+RxgBu7VJ/RgGymI:SWhGgxtjzRj+RAu7VVRkm

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.63

  • C2

    62.204.41.165/g8sjnd3xe/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles
