General

  • Target

    1444-3-0x0000000000A80000-0x0000000000F36000-memory.dmp

  • Size

    4.7MB

  • Sample

    240627-zmgmkaselp

  • MD5

    c9fe115636bf96af32c908e3e0dc5400

  • SHA1

    7464a382c46a11c8af2166858deb2c634c262729

  • SHA256

    33ae27ee8d37fda90eb07a0113b816222102cbe846d6d569151b5fddfc78b23d

  • SHA512

    ca185c310d628e9c1f5878eec876eee286ec946535be6e540ef208645a35ec85b1045a845f20e90ed1858d7675bf9a44053f36fe693cc261098adc6e012ba6ac

  • SSDEEP

    98304:T6eAq9QKYKhG0tUcb7g8qBPP4dLCX8bhy2iwoFLA1y+oYLE+:Ti8Rd68Vy2oFcQJI

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes
  • install_dir

    ad40971b6b

  • install_file

    explorti.exe

  • strings_key

    a434973ad22def7137dbb5e059b7081e

  • url_paths

    /Hun4Ko/index.php

rc4.plain

Targets

    • Target

      1444-3-0x0000000000A80000-0x0000000000F36000-memory.dmp

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
