Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76fb63b6ca9ff8974b8a2ff34e9fddd0d3a588b78c93b7598322dd10d75929ee

  • Size

    525KB

  • Sample

    230207-zdm3zseh8t

  • MD5

    036fad06c42c99c14e300f6ae32c3b51

  • SHA1

    c7ab9196a16a02a34319dc1b6f56d0e1f84a3243

  • SHA256

    76fb63b6ca9ff8974b8a2ff34e9fddd0d3a588b78c93b7598322dd10d75929ee

  • SHA512

    4ede8c31b970beaab5e49a102f6f486803f17ecc58aae467e81cd916aeefa6eff34abccb091e47c6c971be62d43a56eff786f28f5445afa61d9244aaa00eea89

  • SSDEEP

    12288:vMrLy90nKQVefOVcLEYz0f1Q7nF1dCabpL7:UyAzVLSJP7FppL7

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Targets

    • Target

      76fb63b6ca9ff8974b8a2ff34e9fddd0d3a588b78c93b7598322dd10d75929ee

    • Size

      525KB

    • MD5

      036fad06c42c99c14e300f6ae32c3b51

    • SHA1

      c7ab9196a16a02a34319dc1b6f56d0e1f84a3243

    • SHA256

      76fb63b6ca9ff8974b8a2ff34e9fddd0d3a588b78c93b7598322dd10d75929ee

    • SHA512

      4ede8c31b970beaab5e49a102f6f486803f17ecc58aae467e81cd916aeefa6eff34abccb091e47c6c971be62d43a56eff786f28f5445afa61d9244aaa00eea89

    • SSDEEP

      12288:vMrLy90nKQVefOVcLEYz0f1Q7nF1dCabpL7:UyAzVLSJP7FppL7

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks