Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5abd4adb15675c3c00d77595705f1cbfd8db6adefd3070682cf171a663103c33

  • Size

    980KB

  • Sample

    230417-nerl1sfe41

  • MD5

    12a5b2c98bbeebabb3f583e6c329217c

  • SHA1

    7db94993d92c87e3e0cd97f2b142661d2c7a7fb1

  • SHA256

    5abd4adb15675c3c00d77595705f1cbfd8db6adefd3070682cf171a663103c33

  • SHA512

    8a9d6578d9afbb1c6ed81839a678c457559bbde6a6107b3778bcb16e52575eb74febcd4edfedf4b27716c30fdffdd2d5aef118f768b0ea005292da415e05711d

  • SSDEEP

    24576:MycYTw6pQhVHfhISr5zRRVWX+PKoVgBFKWAELkXWt0QE:7cYsJhVZIqzRuOioQAWtP

Malware Config

Targets

    • Target

      5abd4adb15675c3c00d77595705f1cbfd8db6adefd3070682cf171a663103c33

    • Size

      980KB

    • MD5

      12a5b2c98bbeebabb3f583e6c329217c

    • SHA1

      7db94993d92c87e3e0cd97f2b142661d2c7a7fb1

    • SHA256

      5abd4adb15675c3c00d77595705f1cbfd8db6adefd3070682cf171a663103c33

    • SHA512

      8a9d6578d9afbb1c6ed81839a678c457559bbde6a6107b3778bcb16e52575eb74febcd4edfedf4b27716c30fdffdd2d5aef118f768b0ea005292da415e05711d

    • SSDEEP

      24576:MycYTw6pQhVHfhISr5zRRVWX+PKoVgBFKWAELkXWt0QE:7cYsJhVZIqzRuOioQAWtP

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks