General
-
Target
50b48f276b25a3a101835d47ff305f97a8c3bc464674fd050b6d6dcd77e7b638
-
Size
463KB
-
Sample
240614-ypwc3axdrq
-
MD5
d050994189d9d5b50c01a76dfecc36c5
-
SHA1
020c7288bb31b10e1da24a707aaeed669e745067
-
SHA256
50b48f276b25a3a101835d47ff305f97a8c3bc464674fd050b6d6dcd77e7b638
-
SHA512
d9cca2f76ece54aef9f9f7aa65a4bd207786fb4fac77c7bb7356674a344856f63ec45f28020993732485b6b65489c448d42b84cb032cabae40e1e0ae5d4d7575
-
SSDEEP
6144:eFbSEEnlhAoNJ9n+mB/WLLeQkBtbWmUIbaQwfRT2+t5e4Pv0ApGukISvTH:elEnzNrnrwLLUBUmUTQw3reC0A0ukvH
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
50b48f276b25a3a101835d47ff305f97a8c3bc464674fd050b6d6dcd77e7b638
-
Size
463KB
-
MD5
d050994189d9d5b50c01a76dfecc36c5
-
SHA1
020c7288bb31b10e1da24a707aaeed669e745067
-
SHA256
50b48f276b25a3a101835d47ff305f97a8c3bc464674fd050b6d6dcd77e7b638
-
SHA512
d9cca2f76ece54aef9f9f7aa65a4bd207786fb4fac77c7bb7356674a344856f63ec45f28020993732485b6b65489c448d42b84cb032cabae40e1e0ae5d4d7575
-
SSDEEP
6144:eFbSEEnlhAoNJ9n+mB/WLLeQkBtbWmUIbaQwfRT2+t5e4Pv0ApGukISvTH:elEnzNrnrwLLUBUmUTQw3reC0A0ukvH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-