General

  • Target

    dc922ecb3a3c95b7338b322a07227dfd74c461ccd1968d5f3691a495be3ac40e

  • Size

    1.7MB

  • Sample

    240509-3kz8nsgg59

  • MD5

    08bae91348c9440068484fef72f39992

  • SHA1

    3625e654160ecdf011e2122061dec596799632f9

  • SHA256

    dc922ecb3a3c95b7338b322a07227dfd74c461ccd1968d5f3691a495be3ac40e

  • SHA512

    5925926ef0e101df9b50039823ced2b9e9161d37fdbf2eb86084b026fa4aa45f9ed17ff49183be96c461b76c597e24ad530c17427475a1011e04c606e745f12b

  • SSDEEP

    24576:OpyJ7S9++lQaFkBMUwdE4xxKZxSpYdx6YcFJwV2STVOk9TQyp:OKe/apYqeM7dGFSE9G

Malware Config

Extracted

Family

amadey

Version

4.20

C2

http://193.233.132.139

Attributes
  • install_dir

    5454e6f062

  • install_file

    explorta.exe

  • strings_key

    c7a869c5ba1d72480093ec207994e2bf

  • url_paths

    /sev56rkm/index.php

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks