Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

PBQB.cmd

windows7-x64

7

PBQB.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PBQB.cmd

  • Size

    366KB

  • Sample

    230505-nemytshf87

  • MD5

    4b5e91dc56c53e6d9a765c8fda760786

  • SHA1

    f2081c4500b6f324ab840bc1dd89370d355367ef

  • SHA256

    c112a2d7b7f2d1297d817b89dcdea142b4bd439bd533db9f6aa8b36d8d943d64

  • SHA512

    ef5f8186f33ce964875adac3e151b9a6f036a8ad9c86c6b017ed8185da967c1693e62135a2c59ae5737dd4d1b35aa63d805a7a84352797aeb8c7cbe55d39378b

  • SSDEEP

    6144:ds0RP07shisP903rwOoQ2zUT540YjzcPuhLJpQyaTRBIT4uxWVqxcS4DHATSNfw3:ds0C7Yt67rd4rAPA4yaTcdfP4Tbqdsy

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

myserveur855.cc/8bmeVwqx/index.php

Targets

    • Target

      PBQB.cmd

    • Size

      366KB

    • MD5

      4b5e91dc56c53e6d9a765c8fda760786

    • SHA1

      f2081c4500b6f324ab840bc1dd89370d355367ef

    • SHA256

      c112a2d7b7f2d1297d817b89dcdea142b4bd439bd533db9f6aa8b36d8d943d64

    • SHA512

      ef5f8186f33ce964875adac3e151b9a6f036a8ad9c86c6b017ed8185da967c1693e62135a2c59ae5737dd4d1b35aa63d805a7a84352797aeb8c7cbe55d39378b

    • SSDEEP

      6144:ds0RP07shisP903rwOoQ2zUT540YjzcPuhLJpQyaTRBIT4uxWVqxcS4DHATSNfw3:ds0C7Yt67rd4rAPA4yaTcdfP4Tbqdsy

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks