General

  • Target

    f7cd82966f3db1391e758a6afee0bc68c6fe837bac22229328a4d25187702c44

  • Size

    1.8MB

  • Sample

    240417-qacneagd88

  • MD5

    9a19c8a1a6a806d4c9fde0da3d610319

  • SHA1

    4fec8767bb2aaa3b7e559d2bdedce4b8b30627bf

  • SHA256

    f7cd82966f3db1391e758a6afee0bc68c6fe837bac22229328a4d25187702c44

  • SHA512

    f1f39e9e374abe822835601f9ed49b0b2fd6fff2264a3e63c00d485211407bb5ee678b692fb6d6d33494ea868ebb1c69d83d4eed9d360c875cdd0de05c57bfc2

  • SSDEEP

    49152:WAwdpohPO03lNN6jWZ2ZDY31CjgJ98ZtZc3YGS:4dpK/4aYZ08jgJ9wY

Score

10/10

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes

  • install_dir

    00c07260dc

  • install_file

    explorgu.exe

  • strings_key

    461809bd97c251ba0c0c8450c7055f1d

  • url_paths

    /yandex/index.php

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
