Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
338KB
-
Sample
221229-ggvywscd85
-
MD5
fe641225d44e5c64bac142415f5e2ca9
-
SHA1
bb52078f856857af809aab239b5462da2e0e9e39
-
SHA256
26884198ab42034a2515a138d610a912875f1fc361c7a19bf5d861ab8a5841ae
-
SHA512
be0545fec243e9baae0c298e891956b843b3c7fb1a1b62f55bcdae43315c3311066baa3c02aa8b2e73f0423be48ac1cb8d6d36aac5cc3a84bbe942d78c72d276
-
SSDEEP
6144:CWUH4LEwjG5BeT56lcqeMy8v3lbviynvyh8slw7n1HbwZoV9J:2YowjG58ycl+lxnqh80w7
Malware Config
Extracted
amadey
3.63
62.204.41.17/8bdSvcD/index.php
Targets
-
-
Target
file.exe
-
Size
338KB
-
MD5
fe641225d44e5c64bac142415f5e2ca9
-
SHA1
bb52078f856857af809aab239b5462da2e0e9e39
-
SHA256
26884198ab42034a2515a138d610a912875f1fc361c7a19bf5d861ab8a5841ae
-
SHA512
be0545fec243e9baae0c298e891956b843b3c7fb1a1b62f55bcdae43315c3311066baa3c02aa8b2e73f0423be48ac1cb8d6d36aac5cc3a84bbe942d78c72d276
-
SSDEEP
6144:CWUH4LEwjG5BeT56lcqeMy8v3lbviynvyh8slw7n1HbwZoV9J:2YowjG58ycl+lxnqh80w7
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Accesses Microsoft Outlook profiles
-