Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2.exe
-
Size
1.2MB
-
Sample
240726-bj5yzszdkd
-
MD5
3b15ca32fcb7defc3b37ea85aeab6f9c
-
SHA1
8afe0be86bad8d114bd04bab1ae2f42536d4391b
-
SHA256
0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2
-
SHA512
5c414f4449aa3bd917ac34b07b9310349cfe629f04226569c9490144df0b33a48f69b123c89d9447a50c05e918db8c36c46f94143a0e2e9a4277adba731fd7e6
-
SSDEEP
24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3
Malware Config
Extracted
amadey
4.17
285f8a
http://194.87.71.43
-
strings_key
5f3718fed2ec5572d2ce198260ba7912
-
url_paths
/g9jjjbnAdshZ/index.php
Targets
-
-
Target
0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2.exe
-
Size
1.2MB
-
MD5
3b15ca32fcb7defc3b37ea85aeab6f9c
-
SHA1
8afe0be86bad8d114bd04bab1ae2f42536d4391b
-
SHA256
0302dde705d5c374ea7d5a997bec8c1e6aa282320fd83c1921554ef0eadcf2a2
-
SHA512
5c414f4449aa3bd917ac34b07b9310349cfe629f04226569c9490144df0b33a48f69b123c89d9447a50c05e918db8c36c46f94143a0e2e9a4277adba731fd7e6
-
SSDEEP
24576:OSn+3rwYCD+7ZLCNDPLrsfMcSpm471n2DU0b54cp:yCD+7ANrvsfMTjJn2om3
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
3Credentials in Registry
1