General
Target: 138b791bb04c3073e3e752fdcf5bc5490c4169e9f553954b025aab8414c4589a.zip
Size: 501KB
Sample: 231125-lgghqaad9v
MD5: 03eef97bce57664a5f024579bae1b405
SHA1: 6d081d30543fd125becb8fafe13750aa98096726
SHA256: 5cd379d1024d7dae18b1dcb62a0290008c3c67e4c46f13c2c639d3a7aae51bee
SHA512: 715eac9b5f36e646bb58975a0c91966dcefc67b9a99e650d026dfa8f846a700af0507cc412af7d0f82f88a74de3f61ed0197706c17a40e5230e6b2edd326b155
SSDEEP: 12288:a5pOHDmcSIQ5c3acI4KBe09IjBjDEU2bUJaMwpj76ZyHXxvqRbB3q:aSHDOeV09RU2bUJaMg2AZqRbB6

Static task: static1

Behavioral task: behavioral1
Sample: 138b791bb04c3073e3e752fdcf5bc5490c4169e9f553954b025aab8414c4589a.exe
Resource: win7-20231023-en

Malware Config
Extracted: amadey 4.12
http://brodoyouevenlift.co.za
install_dir: ce3eb8f6b2
install_file: Utsysc.exe
strings_key: c5b804d7b4c8a99f5afb89e5203cf3ba
url_paths: /g9sdjScV2/index.php, /vdhe8ejs3/index.php

Targets
Target: 138b791bb04c3073e3e752fdcf5bc5490c4169e9f553954b025aab8414c4589a.exe
Size: 531KB
MD5: a544d2c23c55904dbf0f0190f42eaac6
SHA1: e9d920e5400b36562dfe81b900b99d35b70576b9
SHA256: 138b791bb04c3073e3e752fdcf5bc5490c4169e9f553954b025aab8414c4589a
SHA512: 21d50d0239326ced64c8c294f53fd58fe715c3f38550b151117786b1201997e899414fefc3734fc139502d27b81c36c64d07dc64305ead24b80ac9646f114ac5
SSDEEP: 12288:fz9JHhp3l7Nt0P78PyCp3qkxD+XYaVikoSG6s7XuwMefn:fzXtNeP7v6XZMYackkX/

Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext