General

  • Target

    57d827a0d63bc6cf92cd0db57cf8799cdd7497b3735574fec37f2e5c457a0700

  • Size

    1.1MB

  • Sample

    230419-tz1nbadh3w

  • MD5

    3a3bbbb9b52b66dfedf89ed307a356bc

  • SHA1

    b11636db74bf7fb9873222968f25b9ce8d5be3b9

  • SHA256

    57d827a0d63bc6cf92cd0db57cf8799cdd7497b3735574fec37f2e5c457a0700

  • SHA512

    70464f302116f7933cfc2f09ccf13af5f97834439c88151af4bb6828a677d5b502e0ff0b5a3a1eb99dd50f6c8f60e6cbb89c76ffd929ce02a634c87e051ca0cb

  • SSDEEP

    24576:2yRTzIvwCVtjLMD5TXKsvRHJHZaQF+irr7zq55:FRPafLMD5ThLHZak/S

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.70

  • C2

    212.113.119.255/joomla/index.php

Targets

    • Amadey

      Amadey is a simple trojan bot, primarily used to collect reconnaissance information about the infected host and to fetch additional payloads.

    • Modifies Windows Defender Real-time Protection settings

      Real-time protection is controlled through the policy key HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection; setting DisableRealtimeMonitoring to 1 there turns real-time scanning off.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials, cookies and autofill entries kept in the browser profile.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

      Writes a value under HKCU\ or HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so the program is started at every user logon.

    • Checks installed software on the system

      Looks up entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node mirror on 64-bit Windows) to enumerate installed software; the DisplayName values there give an inventory of the host.
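Detection logic for the behaviours listed above, as an added example that is not part of the tria.ge report. It classifies a trace of sandbox events against the signature names used here; the `op|target|detail` event format, the file names and paths in the trace, and the HTTP line are constructed for illustration, while only the C2 host and path are taken from the report's Malware Config. The registry locations are the standard Windows ones for each behaviour.

```python
"""Added example (not part of the tria.ge report): classify sandbox events
against the behaviours this report lists.  The 'op|target|detail' event
format, file names and paths are constructed; only the C2 host and path
are taken from the report."""
import re
from collections import Counter

# Indicator taken from the report's Malware Config.
C2_HOST = "212.113.119.255"
C2_PATH = "/joomla/index.php"

# Standard Windows registry locations behind the listed signatures, in
# normalised form (short hive name, upper case).
RUN_KEYS = (
    r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
    r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
)
DEFENDER_RTP_KEYS = (
    r"HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS DEFENDER\REAL-TIME PROTECTION",
)
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL",
    r"HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL",
)
# Browser credential stores (Chromium and Firefox) and common wallet files.
BROWSER_FILES = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
WALLET_FILES = re.compile(r"\\(wallet\.dat|[^\\]+\.wallet|keystore)$", re.I)

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def normalise_key(path):
    """Expand long hive names to HKLM/HKCU and upper-case the key path."""
    hive, sep, rest = path.partition("\\")
    return HIVES.get(hive.upper(), hive.upper()) + sep + rest.upper()


def under(key, parents):
    """True if key is one of parents or a subkey/value beneath one of them."""
    return any(key == p or key.startswith(p + "\\") for p in parents)


def is_c2_request(url):
    """Match requests to the report's C2 host and path, ignoring scheme,
    port and query string."""
    m = re.match(r"https?://([^/:]+)(?::\d+)?(/[^?]*)?", url)
    return bool(m) and m.group(1) == C2_HOST and (m.group(2) or "/") == C2_PATH


def classify_events(events):
    """Count signature hits over 'op|target|detail' lines.  Dropped-file
    tracking is stateful: exec/loaddll only counts when the same path was
    written earlier in the trace, which is what 'dropped' means."""
    dropped = set()
    hits = Counter()
    for line in events:
        op, _, rest = line.partition("|")
        target, _, _detail = rest.partition("|")
        if op == "filewrite":
            dropped.add(target.lower())
        elif op == "exec" and target.lower() in dropped:
            hits["Executes dropped EXE"] += 1
        elif op == "loaddll" and target.lower() in dropped:
            hits["Loads dropped DLL"] += 1
        elif op == "regset":
            key = normalise_key(target)
            if under(key, RUN_KEYS):
                hits["Adds Run key to start application"] += 1
            elif under(key, DEFENDER_RTP_KEYS):
                hits["Modifies Windows Defender Real-time Protection settings"] += 1
        elif op == "regquery" and under(normalise_key(target), UNINSTALL_KEYS):
            hits["Checks installed software on the system"] += 1
        elif op == "fileread":
            if BROWSER_FILES.search(target):
                hits["Reads user/profile data of web browsers"] += 1
            elif WALLET_FILES.search(target):
                hits["Accesses cryptocurrency files/wallets"] += 1
        elif op == "http" and is_c2_request(target.split(" ", 1)[-1]):
            hits["Contacts Amadey C2"] += 1
    return hits


# Constructed trace in the order a sandbox would record it; paths and file
# names are illustrative, not taken from this sample.
SAMPLE_EVENTS = [
    r"filewrite|C:\Users\Admin\AppData\Local\Temp\update.exe|",
    r"exec|C:\Users\Admin\AppData\Local\Temp\update.exe|",
    r"filewrite|C:\Users\Admin\AppData\Local\Temp\helper.dll|",
    r"loaddll|C:\Users\Admin\AppData\Local\Temp\helper.dll|",
    r"regset|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Startup|C:\Users\Admin\AppData\Local\Temp\update.exe",
    r"regset|HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|1",
    r"regquery|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName|",
    r"fileread|C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data|",
    r"fileread|C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat|",
    r"http|POST http://212.113.119.255/joomla/index.php|",
    r"exec|C:\Windows\System32\cmd.exe|",  # not dropped by the sample: no hit
]

if __name__ == "__main__":
    for name, count in sorted(classify_events(SAMPLE_EVENTS).items()):
        print(f"{count}x {name}")
```

The dropped-file check is the part worth copying: a bare "process started" event says nothing, but a start or DLL load of a path the sample itself wrote earlier in the same trace is exactly what the "Executes dropped EXE" and "Loads dropped DLL" signatures mean. The generic "Windows security modification" signature is not mapped, since the report does not say which setting it refers to.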
