General

  • Target

    1728-3-0x0000000000800000-0x0000000000CC5000-memory.dmp

  • Size

    4.8MB

  • Sample

    240519-wgy3waae2t

  • MD5

    1c0b17f9591f50dbb4ef9630e501f06a

  • SHA1

    a0c05e6bc188831fc4d10c4229e8f0736ab15833

  • SHA256

    f09cef1139cef87c745b0c250b9daa35a8f8d91be196c5aaf1a81636e09fe546

  • SHA512

    d5fe384876c6060d77edaaba73922509db1e9f597c7238dc68946c3ea7f836581ea5cead86ad582e89425cc9b446bc23bba9d916914768e0b9b0d2ca10de79ae

  • SSDEEP

    98304:k+4ziuz3AR8F3cM0qOYUvcvxAtTaTiE4qTOD3Oin:kBGqq0pAtTaOEL5c

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.20

Botnet

c767c0

C2

http://5.42.96.7

Attributes
  • install_dir

    7af68cdb52

  • install_file

    axplons.exe

  • strings_key

    e2ce58e78f631ed97d01fe7b70e85d5e

  • url_paths

    /zamo7h/index.php

rc4.plain

Targets

    • Target

      1728-3-0x0000000000800000-0x0000000000CC5000-memory.dmp

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
