Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7C5F0FB436E189AD3E8C2074F9F1CC24.exe
-
Size
1.7MB
-
Sample
230711-3pdv8scb8y
-
MD5
7c5f0fb436e189ad3e8c2074f9f1cc24
-
SHA1
1cc2189c2b8d5d8cfe1cbe520770ac523612b792
-
SHA256
a1c3aab7bc661fee2a1b3dea08f827e179d0991a58438efe8c464d22f9d73558
-
SHA512
74cb36646a665a4b6c3b040c8937251e2c30f169d1ae1c50e98430f87b035ad25d8f24292ce0aff09203fec00f2b93964c79eabd82da964acf02ba24cf554533
-
SSDEEP
12288:hsmqGF1MtAY8J0awXVF005vhTlqIKJh7x/iib25QPHUtd:hz/LpY8KawX0YvZsx/iib2Ew
Malware Config
Extracted
amadey
3.85
getupdate.click/8bmeVwqx/index.php
getupdate2.click /8bmeVwqx/index.php
getupdate3.click/8bmeVwqx/index.php
Targets
-
-
Target
7C5F0FB436E189AD3E8C2074F9F1CC24.exe
-
Size
1.7MB
-
MD5
7c5f0fb436e189ad3e8c2074f9f1cc24
-
SHA1
1cc2189c2b8d5d8cfe1cbe520770ac523612b792
-
SHA256
a1c3aab7bc661fee2a1b3dea08f827e179d0991a58438efe8c464d22f9d73558
-
SHA512
74cb36646a665a4b6c3b040c8937251e2c30f169d1ae1c50e98430f87b035ad25d8f24292ce0aff09203fec00f2b93964c79eabd82da964acf02ba24cf554533
-
SSDEEP
12288:hsmqGF1MtAY8J0awXVF005vhTlqIKJh7x/iib25QPHUtd:hz/LpY8KawX0YvZsx/iib2Ew
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-