General
- Target: 6866f4e7450d085b19ad1aa9adaca819.exe
- Size: 1.5MB
- Sample: 231124-t1ykcacf93
- MD5: 6866f4e7450d085b19ad1aa9adaca819
- SHA1: 4afc3a0de610f45dbf8eb83da2a16052c2a81b01
- SHA256: 93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e
- SHA512: 4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8
- SSDEEP: 24576:NQIsq2Q2GOAO4fCCy7gtsICmEly/nDBRyqni3xbU4eWxDJ3YsXv6+tH9ZPz1:NQIsq2Q2GOAO4fCZ7YsL8/KqihAsxDJX
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 6866f4e7450d085b19ad1aa9adaca819.exe
  - Resource: win7-20231020-en
Malware Config
- Extracted: amadey 4.13
  - http://65.108.99.238
  - http://brodoyouevenlift.co.za
- strings_key: bda044f544861e32e95f5d49b3939bcc
- url_paths:
  - /yXNwKVfkS28Y/index.php
  - /g5ddWs/index.php
  - /pOVxaw24d/index.php
Targets
- Target: 6866f4e7450d085b19ad1aa9adaca819.exe
- Size: 1.5MB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext