General

  • Target

    21b4358030c21bb96823c110b57779f59d939f64bd29c5660771cb8dab7af15f

  • Size

    958KB

  • Sample

    230421-yaef1abe3t

  • MD5

    b0c31bd86763b0ca7f374c1b6c11d9a2

  • SHA1

    298d41b7c26f3be255d731919a4100c810669314

  • SHA256

    21b4358030c21bb96823c110b57779f59d939f64bd29c5660771cb8dab7af15f

  • SHA512

    d38573a5367c104c902834ad8eca81aa6bfde2e4a15144c5c7c0a3f112f59b3641eea8eaefa186d236acb679e34a115e54aa0bc63d8da67e182c05fa65a2dec8

  • SSDEEP

    24576:my3rnsvvOSSwERo3XWbiN5R/SJ9ROAWTBw7iKI0s0+qKKMAi:17sXOSSUN5lGOkHf89KMA

Malware Config

Targets

    • Target

      21b4358030c21bb96823c110b57779f59d939f64bd29c5660771cb8dab7af15f

    • Amadey

      Amadey is a simple trojan/bot primarily used to collect reconnaissance information about the infected host and to load further payloads.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
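
The registry- and file-based signatures above (Defender real-time protection changes, the country-code lookup, Run-key persistence, Uninstall-key enumeration, browser profile and wallet access) can be reproduced as a small rule set over a sandbox API trace. The block below is an added example written for this report; it is not Triage's own signature engine. The event tuple format `(op, path, value, data)` and the sample trace are constructed here to resemble what a sandbox API hook records; the registry and file locations are the real Windows paths each signature description refers to.

```python
"""Map constructed sandbox registry/file events to the behavioural signatures above.

Added example, not Triage's own signature engine. The event layout
(op, path, value, data) and SAMPLE_TRACE are constructed for this demo.
"""
import re
from collections import defaultdict

# Windows locations the signatures refer to (assumed to be what the sandbox matched).
GEO_KEY = r"HKCU\Control Panel\International\Geo"          # value "Nation" = country code
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
DEFENDER_RTP_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection$", re.I)
BROWSER_DATA_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*\\(Login Data|Cookies|logins\.json|key4\.db)$", re.I)
WALLET_RE = re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\.*(wallet|keystore)", re.I)


def classify(event):
    """Return the signature names triggered by one (op, path, value, data) event."""
    op, path, value, data = event
    key = path.rstrip("\\")
    hits = []
    # Any write under the Real-Time Protection key counts as a modification;
    # a Disable* value set to 1 is the common way of switching protection off.
    if op == "RegSetValue" and DEFENDER_RTP_RE.match(key):
        hits.append("Modifies Windows Defender Real-time Protection settings")
    # Reading Geo\Nation is the country-code lookup behind the geofence signature.
    if op == "RegQueryValue" and key.lower() == GEO_KEY.lower() and value == "Nation":
        hits.append("Checks computer location settings")
    # Writing a value into a Run/RunOnce key establishes logon persistence.
    if op == "RegSetValue" and RUN_KEY_RE.match(key):
        hits.append("Adds Run key to start application")
    # Opening or enumerating the Uninstall keys lists installed software.
    if op in ("RegOpenKey", "RegEnumKey") and any(
            key.lower().startswith(u.lower()) for u in UNINSTALL_KEYS):
        hits.append("Checks installed software on the system")
    # File access to browser credential stores and wallet directories.
    if op == "CreateFile" and BROWSER_DATA_RE.search(path):
        hits.append("Reads user/profile data of web browsers")
    if op == "CreateFile" and WALLET_RE.search(path):
        hits.append("Accesses cryptocurrency files/wallets, possible credential harvesting")
    return hits


def triage(events):
    """Aggregate signature -> list of distinct paths that triggered it, first-seen order."""
    report = defaultdict(list)
    for ev in events:
        for sig in classify(ev):
            if ev[1] not in report[sig]:
                report[sig].append(ev[1])
    return dict(report)


# Constructed trace resembling a sandbox API-hook log; not data from this sample.
SAMPLE_TRACE = [
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo", "Nation", None),
    ("RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", None, None),
    ("RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", None, "{example}"),
    ("RegSetValue", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "DisableRealtimeMonitoring", 1),
    ("RegSetValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "Updater", r"C:\Users\user\AppData\Local\Temp\svc.exe"),
    ("CreateFile", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data", None, None),
    ("CreateFile", r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet", None, None),
    # Benign Explorer setting: must not trigger anything.
    ("RegSetValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden", 2),
]

if __name__ == "__main__":
    for sig, paths in triage(SAMPLE_TRACE).items():
        print(sig)
        for p in paths:
            print("   ", p)
```

The rules key on exact registry paths rather than substrings so that unrelated writes under `CurrentVersion` (the `Explorer\Advanced` event in the trace) do not fire the persistence signature; the Uninstall check deliberately matches the 32-bit `WOW6432Node` view as well, since a 32-bit sample on 64-bit Windows enumerates that path.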

MITRE ATT&CK Enterprise v6

Tasks