Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
y6198000.exe
-
Size
234KB
-
Sample
230807-e133haeg8t
-
MD5
1580a52a4b26f11aba77f2039012acf0
-
SHA1
4c2c491fc2df2bda9989deeee189a2898b62526a
-
SHA256
c4a4fa4690d4ccb274cdd0e0bf2b60b47461942b3fcb1eab4fb6fcb508e1cb15
-
SHA512
035f1b2ec75f12b07f755e0ba2c4a05d568e8670ec7fe7ab5f506af63543f7773f191405272d51349af034efb93159bda8c3246e7cea4e58bf51cf934ffe6f61
-
SSDEEP
3072:KDy+bnr+O1p5GWp1icKAArDZz4N9GhbkrNEk1e6D5dMOt7WQqmuXIsjQoc:KDy+bnr+ep0yN90QEjzDQqmSv
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Targets
-
-
Target
y6198000.exe
-
Size
234KB
-
MD5
1580a52a4b26f11aba77f2039012acf0
-
SHA1
4c2c491fc2df2bda9989deeee189a2898b62526a
-
SHA256
c4a4fa4690d4ccb274cdd0e0bf2b60b47461942b3fcb1eab4fb6fcb508e1cb15
-
SHA512
035f1b2ec75f12b07f755e0ba2c4a05d568e8670ec7fe7ab5f506af63543f7773f191405272d51349af034efb93159bda8c3246e7cea4e58bf51cf934ffe6f61
-
SSDEEP
3072:KDy+bnr+O1p5GWp1icKAArDZz4N9GhbkrNEk1e6D5dMOt7WQqmuXIsjQoc:KDy+bnr+ep0yN90QEjzDQqmSv
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1