General

  • Target

    5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862exe_JC.exe

  • Size

    6.9MB

  • Sample

    230803-w1kdtsfe36

  • MD5

    57794b001e1e8c4917aaa864268fec36

  • SHA1

    825e7a4c79f47d61df14a140398c2770ab22fb65

  • SHA256

    5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862

  • SHA512

    5854c92417a8ca5fb9423483000bf26bb6bba7c89c414512efc5189f416f6f074d965d20ef279488033d06ba09a31d253b8de80f198ccaa81e792c463d3bd0a2

  • SSDEEP

    196608:gbJEeOGZPuknu4TNAzGx2tXuqIg1YJwPj:gbaElhDSus1YJwPj

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.85

C2

45.9.74.166/b7djSDcPcZ/index.php

45.9.74.141/b7djSDcPcZ/index.php

Targets

    • Target

      5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862exe_JC.exe

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
