General

  • Target

    d917c622954a75b0972adcf0354c130d6dbb03c3cc1118d17c8170aa6d426276

  • Size

    983KB

  • Sample

    230417-23kehagd79

  • MD5

    b13f42753784b42d81bbada83356b0f9

  • SHA1

    5fe0c6125a446e8a683439da2e970e8feca69dad

  • SHA256

    d917c622954a75b0972adcf0354c130d6dbb03c3cc1118d17c8170aa6d426276

  • SHA512

    c7edde3e529154ad34c6ad3b61d51a712acd006b2f9541190b9d753af7522da52fbf7933e50ef352095b5c139a91ec73b640507e213ea78026f91c4654d98b37

  • SSDEEP

    24576:+y01juxS0bHzBQeyrPKUfxYw2rigt4H3k:N0kkWHFQeyrPfxKVtu

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
