Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa50127fb98706509eaddec3ee18cea93b0b60ad5656c94ab1d436d9437e785e

  • Size

    558KB

  • Sample

    230207-cg2dfsha52

  • MD5

    fc53f8da6891d6b39f7168dfcdc8ede9

  • SHA1

    f63863d1e2f8a1921a9d24200640ea0e34b0460d

  • SHA256

    aa50127fb98706509eaddec3ee18cea93b0b60ad5656c94ab1d436d9437e785e

  • SHA512

    fc7de4b8fb9f8bae3e3557640a3f385c13f5fbe8f76e8755f9c5e3c16a10e156bb39dec47c4ca5f30cb8944e870378869838b5c26d6ce9b25fa31149e6ff3873

  • SSDEEP

    12288:hMrvy90tleIv44bKZfTxCeRsOUIdO8TPXD7sS:Kya4xCeRsOtOWES

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      aa50127fb98706509eaddec3ee18cea93b0b60ad5656c94ab1d436d9437e785e

    • Size

      558KB

    • MD5

      fc53f8da6891d6b39f7168dfcdc8ede9

    • SHA1

      f63863d1e2f8a1921a9d24200640ea0e34b0460d

    • SHA256

      aa50127fb98706509eaddec3ee18cea93b0b60ad5656c94ab1d436d9437e785e

    • SHA512

      fc7de4b8fb9f8bae3e3557640a3f385c13f5fbe8f76e8755f9c5e3c16a10e156bb39dec47c4ca5f30cb8944e870378869838b5c26d6ce9b25fa31149e6ff3873

    • SSDEEP

      12288:hMrvy90tleIv44bKZfTxCeRsOUIdO8TPXD7sS:Kya4xCeRsOtOWES

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks