Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
70719c9030f6a556fb9769db5820fb369b5e6e6967651882aba35b3f9476dc1c
-
Size
463KB
-
Sample
240614-ytbt8ateqh
-
MD5
d20a3d88ce4efcf17d5af475e5cf4370
-
SHA1
7b7231f10aed63c58445efd9fd1e40a0df163acc
-
SHA256
70719c9030f6a556fb9769db5820fb369b5e6e6967651882aba35b3f9476dc1c
-
SHA512
65c4d56579c68697be9836e8df33d4ce0a43fb0c92cd63337bce5a55305017a637518b4dfbf18ee24433d461bbcb14f1b58e736910d9dbd42d9f57f48747089d
-
SSDEEP
6144:aFbHHkE8Nd8FJe8OMTNdkPDGzmCPdu1cxtcsz+fCOfc2YafSD5z38GzJSvTH:aRkpuve8tfriCPkivzqCecFlzZUH
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
70719c9030f6a556fb9769db5820fb369b5e6e6967651882aba35b3f9476dc1c
-
Size
463KB
-
MD5
d20a3d88ce4efcf17d5af475e5cf4370
-
SHA1
7b7231f10aed63c58445efd9fd1e40a0df163acc
-
SHA256
70719c9030f6a556fb9769db5820fb369b5e6e6967651882aba35b3f9476dc1c
-
SHA512
65c4d56579c68697be9836e8df33d4ce0a43fb0c92cd63337bce5a55305017a637518b4dfbf18ee24433d461bbcb14f1b58e736910d9dbd42d9f57f48747089d
-
SSDEEP
6144:aFbHHkE8Nd8FJe8OMTNdkPDGzmCPdu1cxtcsz+fCOfc2YafSD5z38GzJSvTH:aRkpuve8tfriCPkivzqCecFlzZUH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-