General

  • Target

    file.exe

  • Size

    569KB

  • Sample

    230208-vrdz1sdc73

  • MD5

    c91f969162f0e2bbef7fcad43f5fa5fa

  • SHA1

    c5a7f9785b803f24cef47aafa78314a159ad13d3

  • SHA256

    6fa1ef9c21ed2a141243146d101868ca20c5aa170a7761ff1bd3b90138cb31ac

  • SHA512

    fb9c16431e006ec8daa533b930f74827ef656368ee87f6fd22d6d5db93afd2426658863a3bf5554fc1cf4ef263c0824e3e967539e47b0b280e20c31ccdeed752

  • SSDEEP

    12288:yMruy90OgdakZMh1aPlhqPKokhPUmz4y6DW:EyoVMbaNghkVz4c

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php
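The hashes in the General section and the extracted C2 are the values a responder actually pivots on. The following is an added example, not part of the tria.ge report: it copies those indicators, computes the same four digests for an arbitrary file so a local copy can be confirmed as this sample, and matches the scheme-less C2 string against proxy-log lines. The log layout (client, method, URL, status) and the `http://` prefix used only to parse the C2 are assumptions; the log lines are constructed for the demo.

```python
"""Hash and C2 indicator checks for the Amadey sample in this report.

Added example, not part of the tria.ge report. Hash and C2 values are
copied from the report; the proxy log lines below are constructed.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report's General / Malware Config sections.
SAMPLE_HASHES = {
    "md5": "c91f969162f0e2bbef7fcad43f5fa5fa",
    "sha1": "c5a7f9785b803f24cef47aafa78314a159ad13d3",
    "sha256": "6fa1ef9c21ed2a141243146d101868ca20c5aa170a7761ff1bd3b90138cb31ac",
    "sha512": "fb9c16431e006ec8daa533b930f74827ef656368ee87f6fd22d6d5db93afd2426658863a3bf5554fc1cf4ef263c0824e3e967539e47b0b280e20c31ccdeed752",
}
AMADEY_C2 = "62.204.41.4/Gol478Ns/index.php"


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, hex-encoded."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matching_hashes(data: bytes, iocs: dict = SAMPLE_HASHES) -> list:
    """Names of the algorithms whose digest of `data` equals the IOC value."""
    digests = hash_bytes(data)
    return sorted(alg for alg, h in iocs.items() if digests[alg] == h.lower())


def split_c2(c2: str) -> tuple:
    """Split a scheme-less C2 such as '62.204.41.4/Gol478Ns/index.php' into (host, path)."""
    # The report gives no scheme; 'http://' is prepended only so urlsplit can parse it.
    parts = urlsplit("http://" + c2)
    return parts.hostname, parts.path


def find_c2_hits(log_lines, c2: str = AMADEY_C2) -> list:
    """Return proxy-log lines whose request host and path equal the C2.

    Assumed log layout (one request per line): <client> <method> <url> <status>.
    Host and path are compared separately so a different path on the same
    IP, or the same path on another host, does not count as a hit.
    """
    host, path = split_c2(c2)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        url = urlsplit(fields[2])
        if url.hostname == host and url.path == path:
            hits.append(line)
    return hits


# Constructed proxy log lines (not from the report) to exercise the matcher.
DEMO_LOG = [
    "10.0.0.5 POST http://62.204.41.4/Gol478Ns/index.php 200",
    "10.0.0.5 GET http://example.com/index.php 200",
    "10.0.0.7 POST http://62.204.41.4/other/index.php 404",
]

if __name__ == "__main__":
    print("hash match on demo bytes:", matching_hashes(b"not the sample"))
    print("C2 host/path:", split_c2(AMADEY_C2))
    for hit in find_c2_hits(DEMO_LOG):
        print("C2 hit:", hit)
```

To check a real file, read it in binary and pass the bytes to `matching_hashes`; a single algorithm match is enough to confirm identity, and a list of all four is what you expect for the exact sample from this report.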

Targets

    • Target

      file.exe

    • Size

      569KB

    • MD5

      c91f969162f0e2bbef7fcad43f5fa5fa

    • SHA1

      c5a7f9785b803f24cef47aafa78314a159ad13d3

    • SHA256

      6fa1ef9c21ed2a141243146d101868ca20c5aa170a7761ff1bd3b90138cb31ac

    • SHA512

      fb9c16431e006ec8daa533b930f74827ef656368ee87f6fd22d6d5db93afd2426658863a3bf5554fc1cf4ef263c0824e3e967539e47b0b280e20c31ccdeed752

    • SSDEEP

      12288:yMruy90OgdakZMh1aPlhqPKokhPUmz4y6DW:EyoVMbaNghkVz4c

    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information from the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

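Three of the signatures above (Run key persistence, Defender real-time protection tampering, and the location-settings lookup) are registry-driven and can be reproduced from a registry event trace. The following is an added example, not from the report or the sandbox: the report names only the signatures, so the key paths used here are the standard Windows locations I would expect for each and are assumptions; the event records are constructed.

```python
"""Map registry events to the behaviour signatures listed in this report.

Added example, not part of the tria.ge report. The report lists only
signature names; the registry paths below are the standard Windows
locations for each behaviour and are an assumption of this demo. The
event records are constructed, not taken from the sandbox.
"""
import re

# Assumed key patterns, matched against "<key>\<value name>".
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable", re.IGNORECASE)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)


def _as_int(data):
    """Registry DWORDs arrive as int, '1' or '0x1' depending on the exporter."""
    try:
        return int(str(data), 0)
    except ValueError:
        return None


def classify_registry_event(event: dict):
    """Return the report signature an event satisfies, or None.

    event = {"op": "set" | "query", "key": str, "value": str, "data": any}
    """
    target = event["key"].rstrip("\\") + "\\" + event.get("value", "")
    op = event["op"]
    if op == "set" and RUN_KEY.search(target):
        return "Adds Run key to start application"
    # Only Disable* values written as 1 count as tampering; writing 0 re-enables.
    if op == "set" and DEFENDER_RTP.search(target) and _as_int(event.get("data")) == 1:
        return "Modifies Windows Defender Real-time Protection settings"
    # A read of the GeoID (no write) is the geofence lookup.
    if op == "query" and GEO_NATION.search(target):
        return "Checks computer location settings"
    return None


def triage(events):
    """Return {signature: [events]} for every signature fired, in first-seen order."""
    fired = {}
    for evt in events:
        sig = classify_registry_event(evt)
        if sig:
            fired.setdefault(sig, []).append(evt)
    return fired


# Constructed events (not from the sandbox); paths and data are illustrative.
DEMO_EVENTS = [
    {"op": "query", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation", "data": None},
    {"op": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "file", "data": r"C:\Users\user\AppData\Local\Temp\file.exe"},
    {"op": "set", "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"op": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "ShellState", "data": "00"},
    {"op": "set", "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 0},
]

if __name__ == "__main__":
    for sig, evts in triage(DEMO_EVENTS).items():
        print(f"{sig}: {len(evts)} event(s)")
```

The remaining signatures in the list (Executes dropped EXE, Loads dropped DLL, Windows security modification) come from process and file events rather than the registry, so they need a different event source and are not covered by this classifier.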
MITRE ATT&CK Enterprise v6

Tasks