General
- Target: b606564f0f10a974e2dbf6c523a121309f7f936585a56df536987d9881fff9ae
- Size: 1.1MB
- Sample: 230419-xv6wbach54
- MD5: 95c398d8f99f75dee3d7d884e77c8708
- SHA1: 24f14e0c33ead877813292ba2d6fd6eac906da10
- SHA256: b606564f0f10a974e2dbf6c523a121309f7f936585a56df536987d9881fff9ae
- SHA512: 121284d20df85a3cc855d8d5b3ffd6664ab733a1fd497e57ba98e9a437b1798c3f3fcc86eaccceea177ad7d680b7f2183e13a6aa4f9bc4c7b4b2927b0ea546bd
- SSDEEP: 24576:/yWgjKU4IJIY5jPORViP4dFktHsjRKG3q8vMCE8XoR32x5GrU:KWIKHu0iP4bgHpG3qEMCEaoR+
Static task: static1
Malware Config
Extracted
- Family: amadey
- Version: 3.70
- C2: 212.113.119.255/joomla/index.php
Targets
- Target: b606564f0f10a974e2dbf6c523a121309f7f936585a56df536987d9881fff9ae
  - Size: 1.1MB
  - MD5: 95c398d8f99f75dee3d7d884e77c8708
  - SHA1: 24f14e0c33ead877813292ba2d6fd6eac906da10
  - SHA256: b606564f0f10a974e2dbf6c523a121309f7f936585a56df536987d9881fff9ae
  - SHA512: 121284d20df85a3cc855d8d5b3ffd6664ab733a1fd497e57ba98e9a437b1798c3f3fcc86eaccceea177ad7d680b7f2183e13a6aa4f9bc4c7b4b2927b0ea546bd
  - SSDEEP: 24576:/yWgjKU4IJIY5jPORViP4dFktHsjRKG3q8vMCE8XoR32x5GrU:KWIKHu0iP4bgHpG3qEMCEaoR+
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.