General

  • Target

    1198f9734025e6d21cb44b69daf796006435b536c84d237376707b6cda734ad2

  • Size

    952KB

  • Sample

    230418-jyygfsca8y

  • MD5

    e7cd2e16d494539cf0a558eafd77b590

  • SHA1

    693049d4c25c36704787034a5a0d7fea9ffbd030

  • SHA256

    1198f9734025e6d21cb44b69daf796006435b536c84d237376707b6cda734ad2

  • SHA512

    b0200cecbb28720a6ca82ab2db52b35b82f59adc5aac6306719bae52b28caf0a4250dccb7df653df5a86b8169b6846277532cf1521ec78f404d8784d231c7dbd

  • SSDEEP

    12288:ky90I3tvaY0jQt+u57o3M3XcAygeKyaeT2wJ22LXQenYpghuKrxiIWMI:kyXRabjQ+MbygeKR8p2mAeY2PxPxI

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
