General

  • Target

    942c897f2d0985b58e0497a06ab85099c910cab7a80e34f242dfb96b58bed23b

  • Size

    1.1MB

  • Sample

    230418-g1cawsbf71

  • MD5

    325efd26c4453afd714c4b4515e3f545

  • SHA1

    adaebe1dfad1758b86bec790aab27c7db6421810

  • SHA256

    942c897f2d0985b58e0497a06ab85099c910cab7a80e34f242dfb96b58bed23b

  • SHA512

    b0ee18f72219a261d59279e735daf5e20a13d7de8d72b9c6f6afd47bab1a8b2942362ff4d0cb0bc1b2ec37ae2799e8fe2bab6a7d64c24b901967b46f2d4df3f6

  • SSDEEP

    24576:+yrKX13+A1KouuljVSP/KwG7vRuuZ7GJVYUbFihKhgrlEz:N+FJ1Myju/A75uuZaJqK2KWE

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
