General

  • Target: file.exe
  • Size: 338KB
  • Sample: 221229-ggvywscd85
  • MD5: fe641225d44e5c64bac142415f5e2ca9
  • SHA1: bb52078f856857af809aab239b5462da2e0e9e39
  • SHA256: 26884198ab42034a2515a138d610a912875f1fc361c7a19bf5d861ab8a5841ae
  • SHA512: be0545fec243e9baae0c298e891956b843b3c7fb1a1b62f55bcdae43315c3311066baa3c02aa8b2e73f0423be48ac1cb8d6d36aac5cc3a84bbe942d78c72d276
  • SSDEEP: 6144:CWUH4LEwjG5BeT56lcqeMy8v3lbviynvyh8slw7n1HbwZoV9J:2YowjG58ycl+lxnqh80w7

Malware Config

Extracted

  • Family: amadey
  • Version: 3.63
  • C2: 62.204.41.17/8bdSvcD/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Amadey credential stealer module

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks