General
Target: 431fab789f65114a9a625770d72850191832de05b4f6368ffb2cf877a02b9411
Size: 300KB
Sample: 221229-ccbl8scb56
MD5: b6b503be7216e3fc3c685b8b222f60e5
SHA1: b12fe336e09bf6a8173400ecb7c1108cf96f72fc
SHA256: 431fab789f65114a9a625770d72850191832de05b4f6368ffb2cf877a02b9411
SHA512: 108d5861a1e53f96a92816e1ea587896b89626b338ea142e59884e8ed639eaf6dc794fd3e0e7496c1fb61b993191c430090a62a96560a16f78e672fc4b2a6925
SSDEEP: 6144:2LRUK/nt7ky+yE/xYtIznPtwTGYNciDtmmUXT:2FUK/ntr+y2tPOGiciDtmtT
Static task: static1
Behavioral task: behavioral1
Sample: 431fab789f65114a9a625770d72850191832de05b4f6368ffb2cf877a02b9411.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: amadey
Version: 3.63
62.204.41.17/8bdSvcD/index.php
Targets
Target: 431fab789f65114a9a625770d72850191832de05b4f6368ffb2cf877a02b9411 (300KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Detect Amadey credential stealer module
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application