General

  • Target

    850365dd6bb63649f52baf4d1385cc3459717cf6cfc0601f73552779d8d05940

  • Size

    1.2MB

  • Sample

    230419-f2qz1aac5y

  • MD5

    0969c5c12a38a4578efe9070c9d6a60a

  • SHA1

    3a50df8305cf41c63193154bb8005db3f085e3ef

  • SHA256

    850365dd6bb63649f52baf4d1385cc3459717cf6cfc0601f73552779d8d05940

  • SHA512

    4c5139f2f8b728e86ac5c50a5d245fb26060ea7bc000fff8e15ce033b656d85a221e202ba118376fc609685654fb40f5e9598ae9c83be8883175814d56d7b554

  • SSDEEP

    24576:1yLrsee5ue7P4g2hvwOMghjtAh53up+x44pQh3:QNeZz4g4vw8cep6V2h

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information from the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
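The signatures above and the extracted C2 are the artefacts a responder would turn into detection logic. The following is an added example written for this page, not code from tria.ge or from the Amadey family: it replays constructed Sysmon-style events against rules for each behaviour listed in the report and returns a verdict. The registry paths, file names, event layout and sample events are assumptions chosen to match what each signature name describes; the only indicator taken from the page itself is the C2 212.113.119.255/joomla/index.php.

```python
"""Added example (not tria.ge or Amadey code): match constructed Sysmon-style
events against the behaviours the report lists for this Amadey 3.70 sample.
Registry paths, file names, event layout and sample events are assumptions."""
import re
from dataclasses import dataclass


@dataclass
class Event:
    kind: str         # "reg_set" | "reg_query" | "process" | "image_load" | "file" | "net"
    proc: str         # image that performed the action
    target: str       # registry path, file path, module path, or "ip:port"
    detail: str = ""  # value data, parent image, or HTTP URI, depending on kind


# Extracted config from the report; the only indicators the page itself states.
C2_HOST = "212.113.119.255"
C2_URI = "/joomla/index.php"

# Assumed registry/file locations behind each signature name.
RE_RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
RE_DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
RE_UNINSTALL = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)
RE_GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RE_USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.I)
RE_BROWSER_DATA = re.compile(r"\\(Login Data|Cookies|logins\.json|key4\.db)$", re.I)
RE_WALLET = re.compile(r"\\(wallet\.dat|Electrum\\wallets\\|Exodus\\)", re.I)


def _dropped(e):
    """Executables and DLLs in user-writable paths are treated as dropped files."""
    return bool(RE_USER_WRITABLE.search(e.target))


RULES = [
    ("Adds Run key to start application",
     lambda e: e.kind == "reg_set" and RE_RUN_KEY.search(e.target)),
    ("Modifies Windows Defender Real-time Protection settings",
     lambda e: e.kind == "reg_set" and RE_DEFENDER_RTP.search(e.target) and e.detail == "1"),
    ("Checks installed software on the system",
     lambda e: e.kind == "reg_query" and RE_UNINSTALL.search(e.target)),
    ("Checks computer location settings",
     lambda e: e.kind == "reg_query" and RE_GEO_NATION.search(e.target)),
    ("Executes dropped EXE",
     lambda e: e.kind == "process" and _dropped(e) and e.target.lower().endswith(".exe")),
    ("Loads dropped DLL",
     lambda e: e.kind == "image_load" and _dropped(e) and e.target.lower().endswith(".dll")),
    ("Reads user/profile data of web browsers",
     lambda e: e.kind == "file" and RE_BROWSER_DATA.search(e.target)),
    ("Accesses cryptocurrency files/wallets",
     lambda e: e.kind == "file" and RE_WALLET.search(e.target)),
    ("Contacts Amadey C2 from extracted config",
     lambda e: e.kind == "net" and e.target.split(":")[0] == C2_HOST and e.detail.startswith(C2_URI)),
]


def match_signatures(events):
    """Map each report signature that fired to the events that triggered it."""
    hits = {}
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits.setdefault(name, []).append(ev)
    return hits


def verdict(hits):
    """The config-derived C2 is decisive alone; behavioural hits need corroboration,
    because a single Run key or Uninstall-key read is common in benign installers."""
    if "Contacts Amadey C2 from extracted config" in hits:
        return "malicious"
    return "malicious" if len(hits) >= 3 else "inconclusive"


# Constructed events (not real telemetry), one per behaviour in the report.
SAMPLE = "C:\\Users\\victim\\Downloads\\850365dd.exe"
DROPPED = "C:\\Users\\victim\\AppData\\Local\\Temp\\e5b3f1c2\\dropped.exe"
SAMPLE_EVENTS = [
    Event("process", SAMPLE, DROPPED, detail=SAMPLE),
    Event("image_load", DROPPED, "C:\\Users\\victim\\AppData\\Local\\Temp\\plugin.dll"),
    Event("reg_set", DROPPED, "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped", DROPPED),
    Event("reg_set", DROPPED,
          "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "1"),
    Event("reg_query", DROPPED, "HKCU\\Control Panel\\International\\Geo\\Nation"),
    Event("reg_query", DROPPED, "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"),
    Event("file", DROPPED, "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    Event("file", DROPPED, "C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"),
    Event("net", DROPPED, f"{C2_HOST}:80", C2_URI),
]

# A benign installer touches two of the same keys; alone that must not convict.
BENIGN_EVENTS = [
    Event("reg_query", "C:\\Windows\\System32\\msiexec.exe",
          "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1234}"),
    Event("reg_set", "C:\\Program Files\\Vendor\\setup.exe",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater"),
]

if __name__ == "__main__":
    hits = match_signatures(SAMPLE_EVENTS)
    for name, evs in hits.items():
        print(f"[{len(evs)}] {name}")
    print("verdict:", verdict(hits))
```

The C2 rule is the only one grounded directly in the report's extracted config, so it carries the verdict by itself; the behavioural rules are deliberately weak individually and only convict in combination, which is why the benign installer in the second event list stays inconclusive.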

MITRE ATT&CK Enterprise v6

Tasks