Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dc922ecb3a3c95b7338b322a07227dfd74c461ccd1968d5f3691a495be3ac40e
-
Size
1.7MB
-
Sample
240509-3kz8nsgg59
-
MD5
08bae91348c9440068484fef72f39992
-
SHA1
3625e654160ecdf011e2122061dec596799632f9
-
SHA256
dc922ecb3a3c95b7338b322a07227dfd74c461ccd1968d5f3691a495be3ac40e
-
SHA512
5925926ef0e101df9b50039823ced2b9e9161d37fdbf2eb86084b026fa4aa45f9ed17ff49183be96c461b76c597e24ad530c17427475a1011e04c606e745f12b
-
SSDEEP
24576:OpyJ7S9++lQaFkBMUwdE4xxKZxSpYdx6YcFJwV2STVOk9TQyp:OKe/apYqeM7dGFSE9G
Malware Config
Extracted
amadey
4.20
http://193.233.132.139
-
install_dir
5454e6f062
-
install_file
explorta.exe
-
strings_key
c7a869c5ba1d72480093ec207994e2bf
-
url_paths
/sev56rkm/index.php
Targets
-
-
Target
dc922ecb3a3c95b7338b322a07227dfd74c461ccd1968d5f3691a495be3ac40e
-
Size
1.7MB
-
MD5
08bae91348c9440068484fef72f39992
-
SHA1
3625e654160ecdf011e2122061dec596799632f9
-
SHA256
dc922ecb3a3c95b7338b322a07227dfd74c461ccd1968d5f3691a495be3ac40e
-
SHA512
5925926ef0e101df9b50039823ced2b9e9161d37fdbf2eb86084b026fa4aa45f9ed17ff49183be96c461b76c597e24ad530c17427475a1011e04c606e745f12b
-
SSDEEP
24576:OpyJ7S9++lQaFkBMUwdE4xxKZxSpYdx6YcFJwV2STVOk9TQyp:OKe/apYqeM7dGFSE9G
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-