General

  • Target

    cb85b05afe9130e35937697c56d1fd4a.bin

  • Size

    5.4MB

  • Sample

    231226-ct1bxshgh4

  • MD5

    0eaf44eca89704ab7c8a7ce86dccc802

  • SHA1

    2bdfe8226ea39f2b26bb669c058bfb9b668de953

  • SHA256

    f108a2310bfa3944ed7b92e43f6a78ced3e5aa3cef8be4f449cda3869d68e28c

  • SHA512

    5dcf86f33fdaa1d3e3f0a9ccd44d1873c8c4a06ee6f3db64d38b76f8aa4a2916964b007cf39cc8d1d466904fc3473b45779efa34f0e920023c807c93f30fb4b2

  • SSDEEP

    98304:bPxQCVLjfx6VbXybRH16qHkn3u/hOHGdGX7+w76bhyqgqjwRZH17qaH:zPLrQ4bRVRkn3u/gcGLWbhldEkW

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.5

Attributes

  • install_dir

    4fdb51ccdc

  • install_file

    Utsysc.exe

  • strings_key

    11bb398ff31ee80d2c37571aecd1d36d

  • url_paths

    /v8sjh3hs8/index.php

  • rc4.plain

Extracted

Family

amadey

C2

http://185.172.128.5

Attributes

  • strings_key

    11bb398ff31ee80d2c37571aecd1d36d

  • url_paths

    /v8sjh3hs8/index.php

  • rc4.plain

Targets

    • Target

      5911df5268fa5f853dbe7e272d673ebdd24d37359191f8c2e49da523337629e9.exe

    • Size

      5.5MB

    • MD5

      cb85b05afe9130e35937697c56d1fd4a

    • SHA1

      7ea967e29ea21ac034ca3feedaaf3ed7937156a4

    • SHA256

      5911df5268fa5f853dbe7e272d673ebdd24d37359191f8c2e49da523337629e9

    • SHA512

      300e3db569eb0dc56f8f8a9fb07dc9c7df727984c669dc41af6a243d92b7b3517e254cf6b8e2c141d700910e73f1a30b6b73503e1c57f915f492802a313be68c

    • SSDEEP

      98304:BJsdjJqCh/sR/+jG2TNjE5jvJgB5NpZUVYEgSO1ib0y0HxaT5e4xBo5pUXdALaQb:sdjJqY/sRcTNjyxq5QYFRtHxaIYacXdU

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v15

Tasks