Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0x00060000...96.exe

windows7-x64

10

0x00060000...96.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x0006000000016d0a-96.dat

  • Size

    232KB

  • Sample

    230805-tk2basfa2s

  • MD5

    743b5c9f6f5fbb5059346a2376985923

  • SHA1

    f3d448aa71523d8684958845e8f6dfdf7d6a9b67

  • SHA256

    3c01340745ceefc84969818dc24e3e766fca00df81d75a97e97a16f3af8db8fd

  • SHA512

    510fdefcc9f72bc8b8395304a4137a85011bf2c7454b3ca37c42711899a4abb97507a9074bb35648b6c77b567e55a40b0676c4f5b5a4cdb2b1aa91a6eb94ff9c

  • SSDEEP

    3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+

Score
10/10
amadeypersistencetrojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Targets

    • Target

      0x0006000000016d0a-96.dat

    • Size

      232KB

    • MD5

      743b5c9f6f5fbb5059346a2376985923

    • SHA1

      f3d448aa71523d8684958845e8f6dfdf7d6a9b67

    • SHA256

      3c01340745ceefc84969818dc24e3e766fca00df81d75a97e97a16f3af8db8fd

    • SHA512

      510fdefcc9f72bc8b8395304a4137a85011bf2c7454b3ca37c42711899a4abb97507a9074bb35648b6c77b567e55a40b0676c4f5b5a4cdb2b1aa91a6eb94ff9c

    • SSDEEP

      3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+

    Score
    10/10
    amadeypersistencetrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks