Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
69b7abf0bf4fa6ce45b2d21d71be2d967d58721ed3ff345830e6f5a0be376712
-
Size
526KB
-
Sample
230207-p4mj2abg39
-
MD5
6cd6c137846e8f37c7b6741d2bc27733
-
SHA1
6f77a1bcdc0c8b799280676eeeaf470d4fee161a
-
SHA256
69b7abf0bf4fa6ce45b2d21d71be2d967d58721ed3ff345830e6f5a0be376712
-
SHA512
bb7f7b3d63c60793568779bb54e4a1331be1ff4261d95377e3d119bab6f6c0544ad248d3c57d159cdb81a30190e0df8ec80795a50584ec24b986cdf98a4be59d
-
SSDEEP
12288:9Mr5y90tBEZTxgK3KkqaEb9B3U/wFNQ8PuyFN:gyABkTP9+9zhrT
Malware Config
Extracted
amadey
3.66
62.204.41.5/Bu58Ngs/index.php
Targets
-
-
Target
69b7abf0bf4fa6ce45b2d21d71be2d967d58721ed3ff345830e6f5a0be376712
-
Size
526KB
-
MD5
6cd6c137846e8f37c7b6741d2bc27733
-
SHA1
6f77a1bcdc0c8b799280676eeeaf470d4fee161a
-
SHA256
69b7abf0bf4fa6ce45b2d21d71be2d967d58721ed3ff345830e6f5a0be376712
-
SHA512
bb7f7b3d63c60793568779bb54e4a1331be1ff4261d95377e3d119bab6f6c0544ad248d3c57d159cdb81a30190e0df8ec80795a50584ec24b986cdf98a4be59d
-
SSDEEP
12288:9Mr5y90tBEZTxgK3KkqaEb9B3U/wFNQ8PuyFN:gyABkTP9+9zhrT
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-