Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6405209a54a62dfc4c71c8d5eecd1aa69b4338112f75732b5a31c30ac5450cde
-
Size
981KB
-
Sample
230417-1td1pahh8z
-
MD5
423d0d972a36caae464c248b4c01e90d
-
SHA1
9b2735ae33dfe764ed7fc26257e26850555d15ff
-
SHA256
6405209a54a62dfc4c71c8d5eecd1aa69b4338112f75732b5a31c30ac5450cde
-
SHA512
ab4c58822f303e467854e5f899d5b114ddb21ce7a522a26ba5e7372c632cc905d922d62ffcb553be8cd17dc4e4de154eda39ba24fa571e121fed3d6a6290549b
-
SSDEEP
24576:2yFedOYtlsyvJhORuRh4tVV5XbxUwJgeyCHbVhvdq1Nhke:FFedDJJhOR2GtVfajeJ7Vhwh
Malware Config
Targets
-
-
Target
6405209a54a62dfc4c71c8d5eecd1aa69b4338112f75732b5a31c30ac5450cde
-
Size
981KB
-
MD5
423d0d972a36caae464c248b4c01e90d
-
SHA1
9b2735ae33dfe764ed7fc26257e26850555d15ff
-
SHA256
6405209a54a62dfc4c71c8d5eecd1aa69b4338112f75732b5a31c30ac5450cde
-
SHA512
ab4c58822f303e467854e5f899d5b114ddb21ce7a522a26ba5e7372c632cc905d922d62ffcb553be8cd17dc4e4de154eda39ba24fa571e121fed3d6a6290549b
-
SSDEEP
24576:2yFedOYtlsyvJhORuRh4tVV5XbxUwJgeyCHbVhvdq1Nhke:FFedDJJhOR2GtVfajeJ7Vhwh
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-