Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
21118d964690bb0c68b3aafcf024565fb92ad4867ccffcf5bd7bedde9e4fba9c
-
Size
506KB
-
Sample
240608-1f4n7ahd69
-
MD5
de2aa457446864f4fafecdfe5be208ec
-
SHA1
7dcf49a2069875f2c46a4ee2f39e9cee8d4164d8
-
SHA256
21118d964690bb0c68b3aafcf024565fb92ad4867ccffcf5bd7bedde9e4fba9c
-
SHA512
48751283c7c44509feff6fb797e3499d6fa3dbef137bad01890a49071f0efc399a1225a3411d78449746dee0460bed33ec5d48174f2f0ef5c9ae6eba36d9db9b
-
SSDEEP
6144:3b7Ls3OkmJBHDTkc4dd7/B6WjbyUk+WXoEcAS:3I3OFJBHDTkpdd//bXGor
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
21118d964690bb0c68b3aafcf024565fb92ad4867ccffcf5bd7bedde9e4fba9c
-
Size
506KB
-
MD5
de2aa457446864f4fafecdfe5be208ec
-
SHA1
7dcf49a2069875f2c46a4ee2f39e9cee8d4164d8
-
SHA256
21118d964690bb0c68b3aafcf024565fb92ad4867ccffcf5bd7bedde9e4fba9c
-
SHA512
48751283c7c44509feff6fb797e3499d6fa3dbef137bad01890a49071f0efc399a1225a3411d78449746dee0460bed33ec5d48174f2f0ef5c9ae6eba36d9db9b
-
SSDEEP
6144:3b7Ls3OkmJBHDTkc4dd7/B6WjbyUk+WXoEcAS:3I3OFJBHDTkpdd//bXGor
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-