General

  • Target: 6d27137521f0fde8fae055f9f1047765d3ac5fc0e9f0baa8c02bd05a707ff3c6
  • Size: 1.4MB
  • Sample: 230416-gv4syshc23
  • MD5: 734e7a546348796ec1baf1b9b91473c2
  • SHA1: 46e230d052c54cb3d30ae201d8a548e74f859af2
  • SHA256: 6d27137521f0fde8fae055f9f1047765d3ac5fc0e9f0baa8c02bd05a707ff3c6
  • SHA512: 6b21ed4472228ad91751b43b8876f26dfaf204a9dbf404fdb1fd2fa63279e8f1e70e7414db54bf7c9a0a80651aab1dd995bcdca125cd823ad1725eaf28f24d74
  • SSDEEP: 24576:NyhfAzyrbkPSoOQUsu6/m8qnlwvb4RD7EeBdDlDvptyIUHPLJ2PL:oh4+rbXohu6/m8q+z4VEeB9l9tdUvq

Malware Config

Extracted

  • Family: amadey
  • Version: 3.70
  • C2: 193.201.9.43/plays/chapter/index.php

Targets

    • Target: 6d27137521f0fde8fae055f9f1047765d3ac5fc0e9f0baa8c02bd05a707ff3c6
    • Size: 1.4MB
    • MD5: 734e7a546348796ec1baf1b9b91473c2
    • SHA1: 46e230d052c54cb3d30ae201d8a548e74f859af2
    • SHA256: 6d27137521f0fde8fae055f9f1047765d3ac5fc0e9f0baa8c02bd05a707ff3c6
    • SHA512: 6b21ed4472228ad91751b43b8876f26dfaf204a9dbf404fdb1fd2fa63279e8f1e70e7414db54bf7c9a0a80651aab1dd995bcdca125cd823ad1725eaf28f24d74
    • SSDEEP: 24576:NyhfAzyrbkPSoOQUsu6/m8qnlwvb4RD7EeBdDlDvptyIUHPLJ2PL:oh4+rbXohu6/m8q+z4VEeB9l9tdUvq

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks