Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
52fc8ad03ae322296a98723c2d0be957546e78c50c82f15f26ff8bcf386a99bb
-
Size
1.3MB
-
Sample
230417-z85xaahh2s
-
MD5
e8fdcf84008c014587168eb650da3a77
-
SHA1
4b58f904a8c49caa87377cd465cc00091a186c08
-
SHA256
52fc8ad03ae322296a98723c2d0be957546e78c50c82f15f26ff8bcf386a99bb
-
SHA512
2ac41b61b4919dd5c371d8eeb30ebdc1c83fd9d2a5ff1a895579cf7088feb997f88f87dbf3cdd1e2faa776251c15c510e3d0e013974bcabc7d8624d18c5de173
-
SSDEEP
24576:+ynO44GeH3cfRiy1okOjHucVDlVtI4C+FXH0XJ9Disw8OGntJh:Nnxs3wiy1okSHucHsaX0XW2Pz
Malware Config
Extracted
amadey
3.70
193.201.9.43/plays/chapter/index.php
Targets
-
-
Target
52fc8ad03ae322296a98723c2d0be957546e78c50c82f15f26ff8bcf386a99bb
-
Size
1.3MB
-
MD5
e8fdcf84008c014587168eb650da3a77
-
SHA1
4b58f904a8c49caa87377cd465cc00091a186c08
-
SHA256
52fc8ad03ae322296a98723c2d0be957546e78c50c82f15f26ff8bcf386a99bb
-
SHA512
2ac41b61b4919dd5c371d8eeb30ebdc1c83fd9d2a5ff1a895579cf7088feb997f88f87dbf3cdd1e2faa776251c15c510e3d0e013974bcabc7d8624d18c5de173
-
SSDEEP
24576:+ynO44GeH3cfRiy1okOjHucVDlVtI4C+FXH0XJ9Disw8OGntJh:Nnxs3wiy1okSHucHsaX0XW2Pz
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-