General

  • Target

    6405209a54a62dfc4c71c8d5eecd1aa69b4338112f75732b5a31c30ac5450cde

  • Size

    981KB

  • Sample

    230417-1td1pahh8z

  • MD5

    423d0d972a36caae464c248b4c01e90d

  • SHA1

    9b2735ae33dfe764ed7fc26257e26850555d15ff

  • SHA256

    6405209a54a62dfc4c71c8d5eecd1aa69b4338112f75732b5a31c30ac5450cde

  • SHA512

    ab4c58822f303e467854e5f899d5b114ddb21ce7a522a26ba5e7372c632cc905d922d62ffcb553be8cd17dc4e4de154eda39ba24fa571e121fed3d6a6290549b

  • SSDEEP

    24576:2yFedOYtlsyvJhORuRh4tVV5XbxUwJgeyCHbVhvdq1Nhke:FFedDJJhOR2GtVfajeJ7Vhwh

Malware Config

Targets

    • Target

      6405209a54a62dfc4c71c8d5eecd1aa69b4338112f75732b5a31c30ac5450cde

    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information about the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the Uninstall key in the registry to enumerate the software installed on the system.
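
Four of the signatures above (the Defender real-time protection change, the Run key, the location lookup and the Uninstall-key enumeration) are visible as registry operations, which is how a sandbox or EDR actually raises them. The script below is an added worked example, not code from the Triage report or from Hatching: it runs one rule per signature over a constructed, normalised registry trace and aggregates hits per process. The key paths are the standard Windows locations; the process names, PIDs and data values are illustrative assumptions, not artefacts recovered from this sample.

```python
"""Registry-based detections for the behaviours this report flags.

Added example, not code from Hatching Triage. The trace below is constructed
to mimic a normalised registry API trace (one record per operation); the
process names, PIDs and data values are illustrative assumptions, not
artefacts recovered from the sample.
"""
import re
from collections import defaultdict

# Constructed trace: a sandbox or EDR would emit records shaped like these.
TRACE = [
    {"pid": 1234, "process": r"C:\Users\user\Desktop\sample.exe", "op": "QueryValue",
     "key": r"HKCU\Control Panel\International\Geo", "name": "Nation", "data": "244"},
    {"pid": 1234, "process": r"C:\Users\user\Desktop\sample.exe", "op": "EnumKey",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "name": "", "data": ""},
    {"pid": 1234, "process": r"C:\Users\user\Desktop\sample.exe", "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp",
     "name": "DisplayName", "data": "Example App"},
    {"pid": 5678, "process": r"C:\Users\user\AppData\Local\Temp\dropped.exe", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "name": "dropped",
     "data": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"pid": 5678, "process": r"C:\Users\user\AppData\Local\Temp\dropped.exe", "op": "SetValue",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "name": "DisableRealtimeMonitoring", "data": "0x00000001"},
    # Benign: the shell reading the Run key at logon must not trigger the persistence rule.
    {"pid": 9999, "process": r"C:\Windows\explorer.exe", "op": "QueryValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "name": "OneDrive",
     "data": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

# Standard Windows registry locations the report's signatures refer to.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring", "disableonaccessprotection",
    "disableioavprotection", "disablescanonrealtimeenable",
}
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.I)


def _dword(data):
    """Parse a DWORD rendered as '1', '0x1' or 'DWORD (0x00000001)'; None if absent."""
    m = re.search(r"0x[0-9a-f]+|\d+", str(data), re.I)
    if not m:
        return None
    text = m.group(0)
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def classify(ev):
    """Return the report signature names a single registry event satisfies."""
    hits = []
    op, key, name = ev["op"], ev["key"], ev["name"].lower()
    # Policy write that switches a real-time protection component off (value set to 1).
    if (op == "SetValue" and DEFENDER_RTP.search(key)
            and name in DEFENDER_DISABLE_VALUES and _dword(ev["data"]) == 1):
        hits.append("Modifies Windows Defender Real-time Protection settings")
    # Only writes count: every logon shell reads the Run key, so a query is noise.
    if op == "SetValue" and RUN_KEY.search(key):
        hits.append("Adds Run key to start application")
    # Geo\Nation holds the configured country code the geofence check reads.
    if op == "QueryValue" and GEO_KEY.search(key) and name == "nation":
        hits.append("Checks computer location settings")
    # Enumerating or reading the Uninstall subtree lists installed software.
    if op in ("EnumKey", "QueryValue") and UNINSTALL_KEY.search(key):
        hits.append("Checks installed software on the system")
    return hits


def summarise(trace):
    """Aggregate distinct signature hits per PID; processes with no hits are omitted."""
    per_pid = defaultdict(set)
    for ev in trace:
        for sig in classify(ev):
            per_pid[ev["pid"]].add(sig)
    return {pid: sorted(sigs) for pid, sigs in per_pid.items()}


def run_key_targets_user_writable_path(trace):
    """PIDs whose Run-key value launches a binary from a user-writable directory,
    the combination that makes a persistence entry worth escalating."""
    return sorted({ev["pid"] for ev in trace
                   if ev["op"] == "SetValue" and RUN_KEY.search(ev["key"])
                   and USER_WRITABLE.search(ev["data"])})


if __name__ == "__main__":
    for pid, sigs in summarise(TRACE).items():
        print(pid, sigs)
    print("Run key -> user-writable path:", run_key_targets_user_writable_path(TRACE))
```

The two read-only rules (location lookup, Uninstall enumeration) are only observable in an API-level trace such as a sandbox produces; a write-only sensor like Sysmon's registry events would surface the Defender policy write and the Run key entry but not the queries, so on a live host those two signatures need a different source.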

MITRE ATT&CK Enterprise v6

Tasks