amadey | aaffbec59626a9acefa2b6c7effa8fea29fc0f3ea3ec9c8d32552e8c976dcbc5 | Triage

Sharing

General

Target

aaffbec59626a9acefa2b6c7effa8fea29fc0f3ea3ec9c8d32552e8c976dcbc5
Size

4.5MB
Sample

240526-r1tv2saf52
MD5

39103d2ddc8be33f1c9ecd4f66631ef1
SHA1

9d0f8e138071ba7ef007c4782d1de5c9dbdb39e1
SHA256

aaffbec59626a9acefa2b6c7effa8fea29fc0f3ea3ec9c8d32552e8c976dcbc5
SHA512

e3314f5af251043193c563969840cb9c18e7942980ed143c50e813473d7c37d3daa2f26e1c26a0a48d38452c9546f953fe66b4e23cd1dc7a59c9eefc5c438e9e
SSDEEP

98304:cfUb8pAxsOBSexdGzByOahalkaX7EgPHx8lPw2GiqVGf2s7x9tMOmn:cfU+OsvwoYOau3gosPbk4f/b0

Score

10^/10

amadey 8fc809 trojan

Malware Config

Extracted

Family

amadey

Version

4.19

Botnet

8fc809

C2

http://nudump.com

http://otyt.ru

http://selltix.org

Attributes

install_dir
b739b37d80
install_file
Dctooux.exe
strings_key
65bac8d4c26069c29f1fd276f7af33f3
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php

rc4.plain

Targets

- Target
  
  aaffbec59626a9acefa2b6c7effa8fea29fc0f3ea3ec9c8d32552e8c976dcbc5
- Size
  
  4.5MB
- MD5
  
  39103d2ddc8be33f1c9ecd4f66631ef1
- SHA1
  
  9d0f8e138071ba7ef007c4782d1de5c9dbdb39e1
- SHA256
  
  aaffbec59626a9acefa2b6c7effa8fea29fc0f3ea3ec9c8d32552e8c976dcbc5
- SHA512
  
  e3314f5af251043193c563969840cb9c18e7942980ed143c50e813473d7c37d3daa2f26e1c26a0a48d38452c9546f953fe66b4e23cd1dc7a59c9eefc5c438e9e
- SSDEEP
  
  98304:cfUb8pAxsOBSexdGzByOahalkaX7EgPHx8lPw2GiqVGf2s7x9tMOmn:cfU+OsvwoYOau3gosPbk4f/b0
Score

10^/10

amadey 8fc809 trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

amadey8fc809trojan