General

  • Target: 69dc425c1ab77f130abba1ab4c4395f8d7bba2ee10e600d6d340d344851a6457
  • Size: 980KB
  • Sample: 230417-q2fjdaed72
  • MD5: d721eb4b3a68e93eb2ddbe1e00f41a6b
  • SHA1: 9329899ecb3d86a6a358daa072a9742ea6e0e8ef
  • SHA256: 69dc425c1ab77f130abba1ab4c4395f8d7bba2ee10e600d6d340d344851a6457
  • SHA512: adc210e2a1669d4cb64e5f0ab6c35a159e0f39ff8d5bc2fc7b7c1a513e6a236ce55f4b84aba020e2acb3936067e1e74b13746b9a593aa2a86e036dc5a7b7ee26
  • SSDEEP: 12288:fy90au6WSs/3XhVdyImvemPpOMgq/6oKZWBjYtL6r/bgr+lsxPusW54bYfC7JHxL:fycws7AI81PpPK4WtIdliPuOhNHxhh/

Malware Config

Targets

    • Target: 69dc425c1ab77f130abba1ab4c4395f8d7bba2ee10e600d6d340d344851a6457
    • Size: 980KB
    • MD5: d721eb4b3a68e93eb2ddbe1e00f41a6b
    • SHA1: 9329899ecb3d86a6a358daa072a9742ea6e0e8ef
    • SHA256: 69dc425c1ab77f130abba1ab4c4395f8d7bba2ee10e600d6d340d344851a6457
    • SHA512: adc210e2a1669d4cb64e5f0ab6c35a159e0f39ff8d5bc2fc7b7c1a513e6a236ce55f4b84aba020e2acb3936067e1e74b13746b9a593aa2a86e036dc5a7b7ee26
    • SSDEEP: 12288:fy90au6WSs/3XhVdyImvemPpOMgq/6oKZWBjYtL6r/bgr+lsxPusW54bYfC7JHxL:fycws7AI81PpPK4WtIdliPuOhNHxhh/

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks