General

  • Target: 7985657b16c6d4ba528998b2609c417621d90c7ff920d0b76c9f275874bc628f
  • Size: 895KB
  • Sample: 230425-r2ccdscf9t
  • MD5: b95934d7864ca5cd2efbdff154d8687c
  • SHA1: 08acad36d3dbc2511a0cad92e3594e6f82c39dfc
  • SHA256: 7985657b16c6d4ba528998b2609c417621d90c7ff920d0b76c9f275874bc628f
  • SHA512: c604a711a986c2c310f3f0536e5a9279067445b389098101b9a02eecc6584009d35f555d5ce55fdb2ed8d8695f9b68c797a4701cd259cfbea2dd4d0ebe8467c8
  • SSDEEP: 12288:Py90Hb88x+61/yWp0+G6FEH2xcFQvTKCILwh/Asu1TTdAUW5vleu2K52pa1r4jD1:Py44QOAEHrQv6iOTdAUyWK52IQhI8

Malware Config

Extracted

  • Family: amadey
  • Version: 3.70
  • C2: 212.113.119.255/joomla/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks