General

  • Target

    eaf27b5987c79004147117f09f2a1d269a0c3ca7a004671f36dc1e5d6441129a

  • Size

    951KB

  • Sample

    230416-l9gzysbd9x

  • MD5

    955f46168fa6cd8972d037eccf246d75

  • SHA1

    4ff09bfb59844a20d815e7bf9a71b874e9641ada

  • SHA256

    eaf27b5987c79004147117f09f2a1d269a0c3ca7a004671f36dc1e5d6441129a

  • SHA512

    71637e79ef7c1d889e58645532231c20dcb667b31e22a431bc6bbf17b847298d9895b79530eba6b9171f18cdf26f55030298da231fa7959b74c9a60902e518c5

  • SSDEEP

    24576:uy4XKToruPeRSEcBkc7msQfCn6e6Sonf6kUwWFZc:9eK0CGRN+YW5yiw8Z

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
