Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f7cd82966f3db1391e758a6afee0bc68c6fe837bac22229328a4d25187702c44
-
Size
1.8MB
-
Sample
240417-qacneagd88
-
MD5
9a19c8a1a6a806d4c9fde0da3d610319
-
SHA1
4fec8767bb2aaa3b7e559d2bdedce4b8b30627bf
-
SHA256
f7cd82966f3db1391e758a6afee0bc68c6fe837bac22229328a4d25187702c44
-
SHA512
f1f39e9e374abe822835601f9ed49b0b2fd6fff2264a3e63c00d485211407bb5ee678b692fb6d6d33494ea868ebb1c69d83d4eed9d360c875cdd0de05c57bfc2
-
SSDEEP
49152:WAwdpohPO03lNN6jWZ2ZDY31CjgJ98ZtZc3YGS:4dpK/4aYZ08jgJ9wY
Malware Config
Extracted
amadey
4.17
http://185.215.113.32
-
install_dir
00c07260dc
-
install_file
explorgu.exe
-
strings_key
461809bd97c251ba0c0c8450c7055f1d
-
url_paths
/yandex/index.php
Targets
-
-
Target
f7cd82966f3db1391e758a6afee0bc68c6fe837bac22229328a4d25187702c44
-
Size
1.8MB
-
MD5
9a19c8a1a6a806d4c9fde0da3d610319
-
SHA1
4fec8767bb2aaa3b7e559d2bdedce4b8b30627bf
-
SHA256
f7cd82966f3db1391e758a6afee0bc68c6fe837bac22229328a4d25187702c44
-
SHA512
f1f39e9e374abe822835601f9ed49b0b2fd6fff2264a3e63c00d485211407bb5ee678b692fb6d6d33494ea868ebb1c69d83d4eed9d360c875cdd0de05c57bfc2
-
SSDEEP
49152:WAwdpohPO03lNN6jWZ2ZDY31CjgJ98ZtZc3YGS:4dpK/4aYZ08jgJ9wY
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-