General

  • Target

    55d6e88e7b8308e4dc1a3890f34f0b667aafc4e79f53fac8a2aec72ddac84f17

  • Size

    944KB

  • Sample

    230421-r5amzagb36

  • MD5

    7e9ab50d780b0305699103cd67a637d8

  • SHA1

    a3d32428788661672b25772a28af4c0ef772cc05

  • SHA256

    55d6e88e7b8308e4dc1a3890f34f0b667aafc4e79f53fac8a2aec72ddac84f17

  • SHA512

    3227f4811251736fa01999db08c7386b7cfc8af2b216531f22c55c33c27618855aa58911e56e6e56739f861e876c1773d5ed036e7f50546e1d11d16782e9d48d

  • SSDEEP

    24576:my7CmA6RXOZ6q2Aka3aIgdvtuByBCcAT5XUwy/mjF:1J3RBrcKldvhBCTT5XUB/

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
