Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

4d9bf71edf...bd.exe

windows7-x64

10

4d9bf71edf...bd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a93fe8ddf2804386a3cf6c9e112c647a.bin

  • Size

    470KB

  • Sample

    230211-b423tsbd53

  • MD5

    027519239ecea90c4df4643fd0c1be8c

  • SHA1

    a7fa3a3be01869491cb08da6d9a76dc6937032c8

  • SHA256

    14933a030238c148fe7e405c4cc4c604c2b51e948b2daf181fdc7d548d36e877

  • SHA512

    d1cf2fe03a1b0ea1b5c75dd16868c853f5f35567ada40615221ed95b060d572f95a56a50a184cece0b3594d6d6707bf5db1cc9bc2ed432e843284abb7328e6f8

  • SSDEEP

    12288:q+XE5h/nfzq/XDE08yv4WmHNxSDWpwuF4ehzXQs8jQ:pwh/fz2XDXD6HNxSypLF4UzXCjQ

Score
10/10
amadeyevasionpersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.4/Gol478Ns/index.php

Targets

    • Target

      4d9bf71edf2fb4b9b85cdee88eff0cf5b109fe559354d4c33bf2083f873790bd.exe

    • Size

      521KB

    • MD5

      a93fe8ddf2804386a3cf6c9e112c647a

    • SHA1

      805030d0e0497eb17dd73dd87bbbf4a6b430c342

    • SHA256

      4d9bf71edf2fb4b9b85cdee88eff0cf5b109fe559354d4c33bf2083f873790bd

    • SHA512

      b14f7d2c6a7fb0eec28b17202e2a85a68eb417ef681cc224e2aaff0e3b5b171a12b28fee3d0c8a9faff2ff9d7830c4ec9fdc935f8c78736b782d9f6ebe1e777c

    • SSDEEP

      12288:EMr/y90OnXo1RiP2K4x3a2T6ygg1ghr8:Lyh4Of4x3aRZg1M8

    Score
    10/10
    amadeyevasionpersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks