General
-
Target
74ec10cbe8c630cd75807e89022da49876ea04bf76c3bea536c61b5cd36be0a9
-
Size
300KB
-
Sample
231207-epqysshbhn
-
MD5
9c3c481d2fbdc771108d74f1a8f571d0
-
SHA1
f44b197b9be99c62c267659bbb9889791a2447b0
-
SHA256
5b0f7bd234a96f0b698934d62cfe770b554a3b71b65b7fad575008e6f0c55bd5
-
SHA512
96655b1352424a5a084cb23d8988a7679c9ad811ce111abbfaaccf6898e127479f3f9b5cd4a7a659c582d6529d59cce79f03afd2ee5f537e77107af38467fc99
-
SSDEEP
6144:F+lQr9NjwWLRnur3U2Sl8//O6++sMFGV5iBXr9jezTpyaGMS3gpL:UlQ3jpFnur3U2N/YMkbArNezg5Tg9
Malware Config
Extracted
amadey
4.11
http://shohetrc.com
http://sibcomputer.ru
http://tve-mail.com
-
install_dir
d4dd819322
-
install_file
Utsysc.exe
-
strings_key
8419b3024d6f72beef8af6915e592308
-
url_paths
/forum/index.php
Targets
-
-
Target
74ec10cbe8c630cd75807e89022da49876ea04bf76c3bea536c61b5cd36be0a9
-
Size
446KB
-
MD5
3ac2f0cfc97ded7bda31835e5cc2ec7e
-
SHA1
deac90c7ef3340bff2e315e229dd9e2f752115f2
-
SHA256
74ec10cbe8c630cd75807e89022da49876ea04bf76c3bea536c61b5cd36be0a9
-
SHA512
f8b6395e7f40334123f2e6f0fe53bf1e9db7db3516a73e9e6f3aead317849bb7fa6eeadfb938b3cce50eea9dfbe602d106a6adef584845da0c41d5e962a399d8
-
SSDEEP
6144:bfu0eE6pn1nurt22Sle//O6+GsMFGV5iLXr9i49Ep6Dh:1eEonurt22R/GMkbIrM4y8Dh
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-