Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    46eef9428206f9323a75686d3660d205664e676ab805720ebd413a113d4c0ed4

  • Size

    1.1MB

  • Sample

    230416-ccswhsab2y

  • MD5

    52128df1c3f885289e245ba0d7ecdffe

  • SHA1

    eba9091567a40fa88f9f7a2bfa7ea2b3ade242fc

  • SHA256

    46eef9428206f9323a75686d3660d205664e676ab805720ebd413a113d4c0ed4

  • SHA512

    ceeda6701dda78c603c37ec10f1f84d04d109c4c17b4561c8f5a902ddf1098e3f23570045d0f87717a68d13ecf3a4d30396d6553e3229940151360597110c1d1

  • SSDEEP

    24576:eyg5qBzdBeVdtaB5a33KrBWbkQVSqFcbgd6lwE6wNQBqE:tJBHqtaBn18k/DkdVdfB

Malware Config

Targets

    • Target

      46eef9428206f9323a75686d3660d205664e676ab805720ebd413a113d4c0ed4

    • Size

      1.1MB

    • MD5

      52128df1c3f885289e245ba0d7ecdffe

    • SHA1

      eba9091567a40fa88f9f7a2bfa7ea2b3ade242fc

    • SHA256

      46eef9428206f9323a75686d3660d205664e676ab805720ebd413a113d4c0ed4

    • SHA512

      ceeda6701dda78c603c37ec10f1f84d04d109c4c17b4561c8f5a902ddf1098e3f23570045d0f87717a68d13ecf3a4d30396d6553e3229940151360597110c1d1

    • SSDEEP

      24576:eyg5qBzdBeVdtaB5a33KrBWbkQVSqFcbgd6lwE6wNQBqE:tJBHqtaBn18k/DkdVdfB

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks