Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5fef337b6a0d347e4ba1d05ae695c4af0ebd6bdf22ba85c544fc839473ed350f
-
Size
491KB
-
Sample
240609-vfrfzadd27
-
MD5
13b2bc3048a18cdd25de8e3449db2d5c
-
SHA1
875751b8aa356540e60b2ce80b9ccae2b84523e4
-
SHA256
5fef337b6a0d347e4ba1d05ae695c4af0ebd6bdf22ba85c544fc839473ed350f
-
SHA512
db7ab32acde9409838c517ede93026a65df572ad46455284a703a7b6524c16a5b2473b9c0f0e41323f757d98df16b393cb6f6d86edcda02b0c1ff022c1ae8fdf
-
SSDEEP
6144:ZQmLJe2lRMI3SLuyvO81jbQRViKT+UePVBnODIJm+8/aGAAzUCeiEU+SSSSSSSxC:emdTzCL1vBjkViKT+U6FOcJ5uoCeqVK
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
5fef337b6a0d347e4ba1d05ae695c4af0ebd6bdf22ba85c544fc839473ed350f
-
Size
491KB
-
MD5
13b2bc3048a18cdd25de8e3449db2d5c
-
SHA1
875751b8aa356540e60b2ce80b9ccae2b84523e4
-
SHA256
5fef337b6a0d347e4ba1d05ae695c4af0ebd6bdf22ba85c544fc839473ed350f
-
SHA512
db7ab32acde9409838c517ede93026a65df572ad46455284a703a7b6524c16a5b2473b9c0f0e41323f757d98df16b393cb6f6d86edcda02b0c1ff022c1ae8fdf
-
SSDEEP
6144:ZQmLJe2lRMI3SLuyvO81jbQRViKT+UePVBnODIJm+8/aGAAzUCeiEU+SSSSSSSxC:emdTzCL1vBjkViKT+U6FOcJ5uoCeqVK
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-