Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6830ff85bde093e55e543165c1f9451c10577bc5207800ed3ee064ca0f712f1d

  • Size

    1.4MB

  • Sample

    230415-1vryyahe2t

  • MD5

    c9a46f32c02efa67dc51817b199b669c

  • SHA1

    cfa5dc31625ad4e60f938ca19290b6fc7a0338ab

  • SHA256

    6830ff85bde093e55e543165c1f9451c10577bc5207800ed3ee064ca0f712f1d

  • SHA512

    bb5986e18e93b5bf2d83875a24c6622c3fed6c54f6b4de7fb2adc6fd071e0d9241a2b1dd570619dfde25d039dfa4a2c32f87b8716c5bd1463ec80f01ecb4f584

  • SSDEEP

    24576:vyGvEzW3JGw2gC7kvzhYgDn4SYyoKhyOe4FoM/XO9ODJi/5iRQzMv7bcRd3:6EEq3MwEkviEn4SYSQBM/XOTsRQzy7bc

Malware Config

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Targets

    • Target

      6830ff85bde093e55e543165c1f9451c10577bc5207800ed3ee064ca0f712f1d

    • Size

      1.4MB

    • MD5

      c9a46f32c02efa67dc51817b199b669c

    • SHA1

      cfa5dc31625ad4e60f938ca19290b6fc7a0338ab

    • SHA256

      6830ff85bde093e55e543165c1f9451c10577bc5207800ed3ee064ca0f712f1d

    • SHA512

      bb5986e18e93b5bf2d83875a24c6622c3fed6c54f6b4de7fb2adc6fd071e0d9241a2b1dd570619dfde25d039dfa4a2c32f87b8716c5bd1463ec80f01ecb4f584

    • SSDEEP

      24576:vyGvEzW3JGw2gC7kvzhYgDn4SYyoKhyOe4FoM/XO9ODJi/5iRQzMv7bcRd3:6EEq3MwEkviEn4SYSQBM/XOTsRQzy7bc

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks