amadey | 5e40045967d5a7f0ff47c0cbf124d28a6d8816bbdc28a301100b962cddb5e932 | Triage

Sharing

General

Target

5e40045967d5a7f0ff47c0cbf124d28a6d8816bbdc28a301100b962cddb5e932
Size

491KB
Sample

240612-xywjrawgme
MD5

92f56f6c93bfb52b1031494cf93ee02e
SHA1

6d09a001488bdb76c14f61701e43caf3020d799d
SHA256

5e40045967d5a7f0ff47c0cbf124d28a6d8816bbdc28a301100b962cddb5e932
SHA512

cc33a5670116421b5b30a968a7c94cba9d9da8a7575ff60c0ad630f22e819a84d0c8f2d5fb1789b1ef3acb494371d7244b1fd20533fe9e742a1e3622314e39ae
SSDEEP

6144:cLLdtnfkNkTfz4Ubme7oiymMdfFQpaBLhY0jSxQvvFC8vuaJ9NBoqeT:K5FfkNeiiybfFpB1Y0gQvv9vuaJj

Score

10^/10

amadey 8fc809 trojan

Malware Config

Extracted

Family

amadey

Version

4.19

Botnet

8fc809

C2

http://nudump.com

http://otyt.ru

http://selltix.org

Attributes

install_dir
b739b37d80
install_file
Dctooux.exe
strings_key
65bac8d4c26069c29f1fd276f7af33f3
url_paths
/forum/index.php

/forum2/index.php

/forum3/index.php

rc4.plain

Targets

- Target
  
  5e40045967d5a7f0ff47c0cbf124d28a6d8816bbdc28a301100b962cddb5e932
- Size
  
  491KB
- MD5
  
  92f56f6c93bfb52b1031494cf93ee02e
- SHA1
  
  6d09a001488bdb76c14f61701e43caf3020d799d
- SHA256
  
  5e40045967d5a7f0ff47c0cbf124d28a6d8816bbdc28a301100b962cddb5e932
- SHA512
  
  cc33a5670116421b5b30a968a7c94cba9d9da8a7575ff60c0ad630f22e819a84d0c8f2d5fb1789b1ef3acb494371d7244b1fd20533fe9e742a1e3622314e39ae
- SSDEEP
  
  6144:cLLdtnfkNkTfz4Ubme7oiymMdfFQpaBLhY0jSxQvvFC8vuaJ9NBoqeT:K5FfkNeiiybfFpB1Y0gQvv9vuaJj
Score

10^/10

amadey 8fc809 trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey8fc809trojan

behavioral2

amadey8fc809trojan