Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2.exe

  • Size

    1.2MB

  • Sample

    240726-bj5yzszdkd

  • MD5

    3b15ca32fcb7defc3b37ea85aeab6f9c

  • SHA1

    8afe0be86bad8d114bd04bab1ae2f42536d4391b

  • SHA256

    0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2

  • SHA512

    5c414f4449aa3bd917ac34b07b9310349cfe629f04226569c9490144df0b33a48f69b123c89d9447a50c05e918db8c36c46f94143a0e2e9a4277adba731fd7e6

  • SSDEEP

    24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3

Malware Config

Extracted

Family

amadey

Version

4.17

Botnet

285f8a

C2

http://194.87.71.43

Attributes
  • strings_key

    5f3718fed2ec5572d2ce198260ba7912

  • url_paths

    /g9jjjbnAdshZ/index.php

rc4.plain

Targets

    • Target

      0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2.exe

    • Size

      1.2MB

    • MD5

      3b15ca32fcb7defc3b37ea85aeab6f9c

    • SHA1

      8afe0be86bad8d114bd04bab1ae2f42536d4391b

    • SHA256

      0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2

    • SHA512

      5c414f4449aa3bd917ac34b07b9310349cfe629f04226569c9490144df0b33a48f69b123c89d9447a50c05e918db8c36c46f94143a0e2e9a4277adba731fd7e6

    • SSDEEP

      24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Blocklisted process makes network request

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks