General

  • Target: ef46ced1cea1c98722dc71aa0cf640bdc38d8677d92026b6fde6ce6ee2d623b5
  • Size: 539KB
  • Sample: 240905-2vfrcatcpc
  • MD5: 4d40ebb93aa34bf94d303c07c6a7e5e5
  • SHA1: 9333bc5b3f78f0a3cca32e1f6a90af8064bf8a81
  • SHA256: ef46ced1cea1c98722dc71aa0cf640bdc38d8677d92026b6fde6ce6ee2d623b5
  • SHA512: 9cdce881809159ad07d99e9691c1457e7888aa96cf0ea93a19eea105b9db928f8f61c8de98c3b9179556b528fde4eb790d59e954db8a86799aecb38461741d3a
  • SSDEEP: 12288:qOfX3Lh7cnz3M+QnY1UXC0lQkqTJ9k3TBV+zF:nHJcnz3HIC0lmk3TqF

Malware Config

Extracted

  • Family: amadey
  • Version: 4.41
  • Botnet: 1176f2
  • C2: http://185.215.113.19

Attributes

  • install_dir: 417fd29867
  • install_file: ednfoki.exe
  • strings_key: 183201dc3defc4394182b4bff63c4065
  • url_paths: /CoreOPT/index.php
  • rc4.plain

Targets

    • Target: ef46ced1cea1c98722dc71aa0cf640bdc38d8677d92026b6fde6ce6ee2d623b5
    • Size: 539KB
    • MD5: 4d40ebb93aa34bf94d303c07c6a7e5e5
    • SHA1: 9333bc5b3f78f0a3cca32e1f6a90af8064bf8a81
    • SHA256: ef46ced1cea1c98722dc71aa0cf640bdc38d8677d92026b6fde6ce6ee2d623b5
    • SHA512: 9cdce881809159ad07d99e9691c1457e7888aa96cf0ea93a19eea105b9db928f8f61c8de98c3b9179556b528fde4eb790d59e954db8a86799aecb38461741d3a
    • SSDEEP: 12288:qOfX3Lh7cnz3M+QnY1UXC0lQkqTJ9k3TBV+zF:nHJcnz3HIC0lmk3TqF
    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks