Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0x00070000...84.exe

windows7-x64

10

0x00070000...84.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x0007000000016cef-84.dat

  • Size

    227KB

  • Sample

    230720-1pagpsbd7t

  • MD5

    cd0a4e8768e6d3a4296de951ab949ab5

  • SHA1

    47f6d7cc658e0888243a3c40f2d823162a756ef0

  • SHA256

    56de36e7a6759bcc4b288d6ef04f802b9dd2ae3ae2417fd842c5d0e8f34fc448

  • SHA512

    75a0f7c2e39f6e32c14c2814a4f615997f8f88c22ac9a6cde5fa4aab54466c89afd91ba5df6437073a98157519ab6b06e7cc9d9fc72af4b341042c6979873d9b

  • SSDEEP

    3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Targets

    • Target

      0x0007000000016cef-84.dat

    • Size

      227KB

    • MD5

      cd0a4e8768e6d3a4296de951ab949ab5

    • SHA1

      47f6d7cc658e0888243a3c40f2d823162a756ef0

    • SHA256

      56de36e7a6759bcc4b288d6ef04f802b9dd2ae3ae2417fd842c5d0e8f34fc448

    • SHA512

      75a0f7c2e39f6e32c14c2814a4f615997f8f88c22ac9a6cde5fa4aab54466c89afd91ba5df6437073a98157519ab6b06e7cc9d9fc72af4b341042c6979873d9b

    • SSDEEP

      3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks