General

  • Target

    d96d2de73545dd4de6dc2a854fd55f901ed9687325eb0e71f38f743f874fe526

  • Size

    962KB

  • Sample

    240520-dzkn4aab91

  • MD5

    1c97b28d38f3195dbc2db81b2b40a08f

  • SHA1

    de0a9c2cebcff2f62d44800b912d4f0560a6f631

  • SHA256

    d96d2de73545dd4de6dc2a854fd55f901ed9687325eb0e71f38f743f874fe526

  • SHA512

    bcd156ab53dd17cf967612977b7d35e1be7b65b6dae83309e762bf05ccf1eab26b12cda27a71dce1bb8a03c23c860b8e86349caec36cf8bfd210a52683c58257

  • SSDEEP

    12288:EfBktWbB+xxrBrZdNMe9YtPx3eJwEOcav/4a/fGQfXH7eCdHQVhoDHYHpwCZwsSD:iUWbBQBfNMGMe+E0JtJJ3

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.81

Botnet

f9a925

C2

http://77.91.124.20

Attributes

  • install_dir

    c3912af058

  • install_file

    oneetx.exe

  • strings_key

    0504ce46646b0dc397a3c30d6692ec75

  • url_paths

    /store/games/index.php

rc4.plain

Targets

    • Target

      d96d2de73545dd4de6dc2a854fd55f901ed9687325eb0e71f38f743f874fe526

    • Size

      962KB

    • MD5

      1c97b28d38f3195dbc2db81b2b40a08f

    • SHA1

      de0a9c2cebcff2f62d44800b912d4f0560a6f631

    • SHA256

      d96d2de73545dd4de6dc2a854fd55f901ed9687325eb0e71f38f743f874fe526

    • SHA512

      bcd156ab53dd17cf967612977b7d35e1be7b65b6dae83309e762bf05ccf1eab26b12cda27a71dce1bb8a03c23c860b8e86349caec36cf8bfd210a52683c58257

    • SSDEEP

      12288:EfBktWbB+xxrBrZdNMe9YtPx3eJwEOcav/4a/fGQfXH7eCdHQVhoDHYHpwCZwsSD:iUWbBQBfNMGMe+E0JtJJ3

    Score
    10/10

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects executables packed with ConfuserEx Mod

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks