General

  • Target

    cc710918467e4b28f04f27dbec45cb6168b4828de5771233f1ef0c5a485a55ca

  • Size

    4.0MB

  • Sample

    231011-lkh6qaga96

  • MD5

    a38e39cfe409a847b1252327796dd499

  • SHA1

    ced9a956fea03e4def5fb8f5cdcdef814554f2a0

  • SHA256

    cc710918467e4b28f04f27dbec45cb6168b4828de5771233f1ef0c5a485a55ca

  • SHA512

    28da914ea74727cb8d9fd618cf5cd449e3d67d97f2e29016e532a3e7c1993b57506189ecfab654049aa9a8cab82396bcae83bd8b092953892c4305395856fa60

  • SSDEEP

    24576:0d+yabNjLQp8+qlArd9+5l7OuB7S7THKU4eEO+wbbNny+1dZNd/eMvey:0diZvQp727OuBenKLbnwFNZeMvH

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.86

C2

http://45.9.74.182/b7djSDcPcZ/index.php

Attributes
  • install_dir

    f3f10bd848

  • install_file

    bstyoops.exe

  • strings_key

    05986a1cda6dc6caabf469f27fb6c32d

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks