General

  • Target

    f26c64f64ddc778dbb2a43610108900f160cb599b91a211c1c8105d4a7757493

  • Size

    951KB

  • Sample

    230416-vrfhvaaf94

  • MD5

    b9e06bf0bb584793b841aff9a07d37f5

  • SHA1

    51c9f7dbbc4135d85282b552a32d8b58cda52fa4

  • SHA256

    f26c64f64ddc778dbb2a43610108900f160cb599b91a211c1c8105d4a7757493

  • SHA512

    32a17b6da0e9236a031b488c8fd4b9628157e8188caf4fcf0251398477a8fb91e393351482445c02957c43e39b676f0ab4e54ae747c828ece4bb3c19358ad9c4

  • SSDEEP

    24576:qyEK5xUIHq08B72S1vCbYQd+Dion8Lq0:xEK5bHlybqbYWGio8Lq

Targets

    • Target

      f26c64f64ddc778dbb2a43610108900f160cb599b91a211c1c8105d4a7757493

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
