General

  • Target

    bac38bcada2ee57a75b126845b7fc81e6ccfe6f6075424bc3fc8033f80c2db0e

  • Size

    951KB

  • Sample

    230421-tlbr2aaf4y

  • MD5

    0389f0f3ceebe38bf989d378b4d6869b

  • SHA1

    16ef1c4a3d8fd58a09d5510e7ffe46162e329c0a

  • SHA256

    bac38bcada2ee57a75b126845b7fc81e6ccfe6f6075424bc3fc8033f80c2db0e

  • SHA512

    956c65afd588d872c622e97a517e1bc8b323cee01de4c372e3c4684d8bb8623a0efdfc8bd5369fd8e0b46ffe6465430eac48ce032efae35d4ad7f280d77de82c

  • SSDEEP

    24576:FyiUMvainozm5saOK6F31oCMAkT4CgoW3vJCdYvVk1U:givayV5dOK41Mm73vJm3

Malware Config

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks