Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    83d2f02cc9276c540c26348669d8503a39ae38296590e96c734f865c420438d3

  • Size

    4.4MB

  • Sample

    240526-r1w1eahg8w

  • MD5

    3bea43a1f70e751778d17ff9db41b0a3

  • SHA1

    3637c87f85c1f2d8526535f3de05b9943b5dd665

  • SHA256

    83d2f02cc9276c540c26348669d8503a39ae38296590e96c734f865c420438d3

  • SHA512

    1638893ac4d7a0ee23e2e942e2a683ce5ff61365ef3020c9e4790a52e77901881a09a27cab4ef9d8539fdbc7af64675161651ac7500751c2c5bc4ae693a4ea20

  • SSDEEP

    98304:cfUb8pAxsOBSexdGzByOahalkaX7EgPHx8lPw2GiqVGf2s7x9tMOmb:cfU+OsvwoYOau3gosPbk4f/b4

Score
10/10
amadey8fc809trojan

Malware Config

Extracted

Family

amadey

Version

4.19

Botnet

8fc809

C2

http://nudump.com

http://otyt.ru

http://selltix.org
Attributes
  • install_dir

    b739b37d80

  • install_file

    Dctooux.exe

  • strings_key

    65bac8d4c26069c29f1fd276f7af33f3

  • url_paths

    /forum/index.php

    /forum2/index.php

    /forum3/index.php

rc4.plain

Targets

    • Target

      83d2f02cc9276c540c26348669d8503a39ae38296590e96c734f865c420438d3

    • Size

      4.4MB

    • MD5

      3bea43a1f70e751778d17ff9db41b0a3

    • SHA1

      3637c87f85c1f2d8526535f3de05b9943b5dd665

    • SHA256

      83d2f02cc9276c540c26348669d8503a39ae38296590e96c734f865c420438d3

    • SHA512

      1638893ac4d7a0ee23e2e942e2a683ce5ff61365ef3020c9e4790a52e77901881a09a27cab4ef9d8539fdbc7af64675161651ac7500751c2c5bc4ae693a4ea20

    • SSDEEP

      98304:cfUb8pAxsOBSexdGzByOahalkaX7EgPHx8lPw2GiqVGf2s7x9tMOmb:cfU+OsvwoYOau3gosPbk4f/b4

    Score
    10/10
    amadey8fc809trojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks