Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    566KB

  • Sample

    230208-lr7gwsaa43

  • MD5

    676bda5e541c413de85eea651c3445e6

  • SHA1

    6acc0023022b7de99af6d590b1c2b101cfbf2951

  • SHA256

    e357d9f890dc004b7b1de06a5164d75839392e92ef85436db7a0e46cb4929fc1

  • SHA512

    2ac2f81624337ed2891e4045e807f2d67d37e15fd26ebeb176838e5e1e08ba63384c4f2756c67ce456e22e5c7921ad74bb088752564f7cea79ab2acc3a29a24b

  • SSDEEP

    12288:QMrCy90hVOjt2hPZINYtdBleck9eHQzcK+l7B0w5x/:Cy72hPZINYrS39ommmwX

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      file.exe

    • Size

      566KB

    • MD5

      676bda5e541c413de85eea651c3445e6

    • SHA1

      6acc0023022b7de99af6d590b1c2b101cfbf2951

    • SHA256

      e357d9f890dc004b7b1de06a5164d75839392e92ef85436db7a0e46cb4929fc1

    • SHA512

      2ac2f81624337ed2891e4045e807f2d67d37e15fd26ebeb176838e5e1e08ba63384c4f2756c67ce456e22e5c7921ad74bb088752564f7cea79ab2acc3a29a24b

    • SSDEEP

      12288:QMrCy90hVOjt2hPZINYtdBleck9eHQzcK+l7B0w5x/:Cy72hPZINYrS39ommmwX

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks