General

  • Target

    72f585f24f8efbdd0c4a0c1dede395c282856e8cd25af1e2d7055ee053b5e24d

  • Size

    1.0MB

  • Sample

    230424-yd22gaeb62

  • MD5

    1180fb9ee6f43ea57e520084d89822a6

  • SHA1

    0e6315f82abd127853851374931f2ab8f2196511

  • SHA256

    72f585f24f8efbdd0c4a0c1dede395c282856e8cd25af1e2d7055ee053b5e24d

  • SHA512

    cc060fbe451a37b10447596497c44857aa69e657bf35dcda7f88e36e4f488c135abb67566877fa61bd03ba0449a44ce7ab626b15f653acb960eeb582c6151cc7

  • SSDEEP

    24576:+yW0Rg9IeHlRrP+wdYWy+X0lhZgmWZwtX:N2HlTdjyGgZDz

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

    • Target

      72f585f24f8efbdd0c4a0c1dede395c282856e8cd25af1e2d7055ee053b5e24d

    • Size

      1.0MB

    • MD5

      1180fb9ee6f43ea57e520084d89822a6

    • SHA1

      0e6315f82abd127853851374931f2ab8f2196511

    • SHA256

      72f585f24f8efbdd0c4a0c1dede395c282856e8cd25af1e2d7055ee053b5e24d

    • SHA512

      cc060fbe451a37b10447596497c44857aa69e657bf35dcda7f88e36e4f488c135abb67566877fa61bd03ba0449a44ce7ab626b15f653acb960eeb582c6151cc7

    • SSDEEP

      24576:+yW0Rg9IeHlRrP+wdYWy+X0lhZgmWZwtX:N2HlTdjyGgZDz

    • Amadey

      Amadey is a simple bot trojan primarily used to collect reconnaissance information about the infected host.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
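
The behaviours listed above and the extracted C2 are the actionable parts of this report. The following script is an added example, not part of the tria.ge report or of the Amadey sample: it turns the report's hashes and C2 into checks against a registry export and a proxy log. The registry paths (the standard Run key and the Windows Defender Real-Time Protection policy value), the value names, the `.reg` snippet and the proxy log lines are constructed for illustration; the report names only the behaviours, not the exact keys. Only the hashes and the C2 URL come from the page.

```python
"""Added example (not from the tria.ge report or the Amadey sample):
host- and network-side checks for the behaviours and IOCs the report lists.
Registry keys, value names, the .reg snippet and the log lines are constructed
for illustration; only the hashes and the C2 URL are taken from the report."""
import hashlib
import re
from typing import Dict, List

# Indicators taken from the report.
REPORT_SHA256 = "72f585f24f8efbdd0c4a0c1dede395c282856e8cd25af1e2d7055ee053b5e24d"
REPORT_MD5 = "1180fb9ee6f43ea57e520084d89822a6"
AMADEY_C2 = "212.113.119.255/joomla/index.php"  # Amadey 3.70 extracted config

# Registry locations checked. ASSUMPTION: the report only names the behaviour
# ("Adds Run key", "Modifies Windows Defender Real-time Protection settings"),
# so these are the usual locations, not keys observed in this sample.
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
DEFENDER_RTP_KEY = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"
    r"\Real-Time Protection"
)

_KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\Path]
_VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')  # "Name"=data


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the digests the report publishes for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True when the bytes hash to the sample in the report (SHA256 decides)."""
    return file_hashes(data)["sha256"] == REPORT_SHA256


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: raw_data}}."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2)
    return result


def find_run_key_entries(reg: Dict[str, Dict[str, str]]) -> List[str]:
    """'Adds Run key to start application': every value under a Run key."""
    return [f"{key}\\{name} = {data}"
            for key in RUN_KEYS
            for name, data in reg.get(key, {}).items()]


def defender_realtime_disabled(reg: Dict[str, Dict[str, str]]) -> bool:
    """'Modifies Windows Defender Real-time Protection settings':
    DisableRealtimeMonitoring policy value set to 1."""
    value = reg.get(DEFENDER_RTP_KEY, {}).get("DisableRealtimeMonitoring", "")
    return value.lower() == "dword:00000001"


def find_c2_requests(log_lines: List[str], c2: str = AMADEY_C2) -> List[str]:
    """Return proxy log lines that contact the extracted C2 host and path."""
    host, _, path = c2.partition("/")
    return [line for line in log_lines if host in line and "/" + path in line]


# Constructed inputs (not from the report): a .reg export after infection and
# two proxy log lines, one of which hits the Amadey C2.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Startup"="C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"""
SAMPLE_PROXY_LOG = [
    '10.0.0.5 - - [24/Apr/2023:12:01:07 +0000] "POST http://212.113.119.255/joomla/index.php HTTP/1.1" 200 14',
    '10.0.0.5 - - [24/Apr/2023:12:01:09 +0000] "GET http://example.com/ HTTP/1.1" 200 512',
]


def triage(reg_text: str, log_lines: List[str]) -> Dict[str, object]:
    """Run all checks and return the findings as a dict."""
    reg = parse_reg_export(reg_text)
    return {
        "run_key_entries": find_run_key_entries(reg),
        "defender_rtp_disabled": defender_realtime_disabled(reg),
        "c2_contacts": find_c2_requests(log_lines),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_REG, SAMPLE_PROXY_LOG).items():
        print(f"{name}: {finding}")
```

On a real host, export the two keys with `reg export` and feed the text to `parse_reg_export`; a Run value pointing into a user-writable directory together with `DisableRealtimeMonitoring=1` is the combination this report describes. The C2 check is a plain substring match on host and path, which is enough for a known indicator but will not catch a rotated host.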
