Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2440-3-0x0...ry.exe

windows7-x64

10

2440-3-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2440-3-0x0000000000300000-0x00000000007C3000-memory.dmp

  • Size

    4.8MB

  • Sample

    241212-rcscbawna1

  • MD5

    a4ac4739eb2197c9d218420479eb5c18

  • SHA1

    a920c24a867f86d7230537f8a83a51fb1e30b655

  • SHA256

    d7a6a51801e3da07dd0d8780244e5c9597671644230ed7f6cc33b4d54e0c4276

  • SHA512

    3d2339cc7692397e0bacb2ce01c13cf35767bd44089ffc49a133d5359593c06c1af4e30a78ff7a8c2221aeec04e50b0cbd180cb3e39b3a6c9ebc3a6dcd304c25

  • SSDEEP

    98304:ji6dLC1poGkLtSriuit5du6u58ifpEGDHOZ0IA4D2lcv50:jmkJ3inY0pEvq

Score
10/10
amadeyfed3aatrojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Targets

    • Target

      2440-3-0x0000000000300000-0x00000000007C3000-memory.dmp

    • Size

      4.8MB

    • MD5

      a4ac4739eb2197c9d218420479eb5c18

    • SHA1

      a920c24a867f86d7230537f8a83a51fb1e30b655

    • SHA256

      d7a6a51801e3da07dd0d8780244e5c9597671644230ed7f6cc33b4d54e0c4276

    • SHA512

      3d2339cc7692397e0bacb2ce01c13cf35767bd44089ffc49a133d5359593c06c1af4e30a78ff7a8c2221aeec04e50b0cbd180cb3e39b3a6c9ebc3a6dcd304c25

    • SSDEEP

      98304:ji6dLC1poGkLtSriuit5du6u58ifpEGDHOZ0IA4D2lcv50:jmkJ3inY0pEvq

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks