Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4d06a56fe5167c0377a4a70bb4d36196928380593a524d41ecd0ba7d6b2dddde
-
Size
488KB
-
Sample
240613-3zxfbszfmm
-
MD5
8d2241d27e11c862a3bc70b8122880c9
-
SHA1
fb8f8bc25adb92606c2e074414f6aeff578ed6e8
-
SHA256
4d06a56fe5167c0377a4a70bb4d36196928380593a524d41ecd0ba7d6b2dddde
-
SHA512
2a827394ad22b0c81d94bd8295443d99dc1e79c5f8e9cc0bab6eca03ff5a4553501fda7f37768eb31862463e4b26495c7b94bb47cfa4c69a8f88ee4a82e55cf8
-
SSDEEP
6144:5GAzLWt1C7Pc0k34ejK/CgGLB0ZRzCTdFKPkAEAS43p8nzdi9mZMnj/pFOnfb:57St1GPgmibyHSKuzdigb
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
4d06a56fe5167c0377a4a70bb4d36196928380593a524d41ecd0ba7d6b2dddde
-
Size
488KB
-
MD5
8d2241d27e11c862a3bc70b8122880c9
-
SHA1
fb8f8bc25adb92606c2e074414f6aeff578ed6e8
-
SHA256
4d06a56fe5167c0377a4a70bb4d36196928380593a524d41ecd0ba7d6b2dddde
-
SHA512
2a827394ad22b0c81d94bd8295443d99dc1e79c5f8e9cc0bab6eca03ff5a4553501fda7f37768eb31862463e4b26495c7b94bb47cfa4c69a8f88ee4a82e55cf8
-
SSDEEP
6144:5GAzLWt1C7Pc0k34ejK/CgGLB0ZRzCTdFKPkAEAS43p8nzdi9mZMnj/pFOnfb:57St1GPgmibyHSKuzdigb
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-