General

  • Target

    11445b64ee1f6e8e4650851cae400ea8d75f3c31a1bec8773060b9d7a04c995e

  • Size

    950KB

  • Sample

    230416-b5rcqaaa9t

  • MD5

    0aa1a864e61004e985d15f40c0bcecbd

  • SHA1

    a3e319ff5929e756282569ba716d9e8269114100

  • SHA256

    11445b64ee1f6e8e4650851cae400ea8d75f3c31a1bec8773060b9d7a04c995e

  • SHA512

    d7fdd1f3c65cc8bc1224a34bd6aa8aadb373f48a164f5a08e1114c9dc6b582fee591e96a1447cff66861f7ec10960a74b8e16e5d11668ac69d7be095be6cc412

  • SSDEEP

    24576:MyO/slbW1UcBK6KZhsuCqFvdYmDpq/M5KVazjA7/:7M51UccBCIamDpqxa3A

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
