General
-
Target
96b711e91b77fb779c6b5fdd5fc60d217d8ea83891220ebfcfd9d931dc90605f
-
Size
471KB
-
Sample
240607-s7r6gabf46
-
MD5
dab9a5a943d99b179f515f8610ffff41
-
SHA1
c997b3ce7b1a20f45a727f1e37f34f3eb0875f5d
-
SHA256
96b711e91b77fb779c6b5fdd5fc60d217d8ea83891220ebfcfd9d931dc90605f
-
SHA512
4c5f6db653b2ed9e9ec0c3014e1cae8a061c86be6203afdf771ad5e46673ab677d1221b7742bf9e85c65e2a596fa1e9f5d5746dd7aff86596b1264a94eb27114
-
SSDEEP
6144:DNLTYbdkWiL8Hg9C6G4PWyJGdDFelD/upzyGjRdybAMHafUP4JDU4:J3YbS/L8Hg9CV4PoVFe1upWGFKAp4oR
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
96b711e91b77fb779c6b5fdd5fc60d217d8ea83891220ebfcfd9d931dc90605f
-
Size
471KB
-
MD5
dab9a5a943d99b179f515f8610ffff41
-
SHA1
c997b3ce7b1a20f45a727f1e37f34f3eb0875f5d
-
SHA256
96b711e91b77fb779c6b5fdd5fc60d217d8ea83891220ebfcfd9d931dc90605f
-
SHA512
4c5f6db653b2ed9e9ec0c3014e1cae8a061c86be6203afdf771ad5e46673ab677d1221b7742bf9e85c65e2a596fa1e9f5d5746dd7aff86596b1264a94eb27114
-
SSDEEP
6144:DNLTYbdkWiL8Hg9C6G4PWyJGdDFelD/upzyGjRdybAMHafUP4JDU4:J3YbS/L8Hg9CV4PoVFe1upWGFKAp4oR
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-