General
-
Target
e9e0304ff9cc8791df30cd2ce7b21e978f483ecc6479edd46f2cb0818996111a
-
Size
470KB
-
Sample
240617-fr3wtawand
-
MD5
223361ee9614f70c53c4f810d15fcef4
-
SHA1
dfcf809c746832bd2de99504613ced686f8eba95
-
SHA256
e9e0304ff9cc8791df30cd2ce7b21e978f483ecc6479edd46f2cb0818996111a
-
SHA512
70095c2c0b39f2bea2b86f71f3aa152c1b85834f7b2b7a6300a04f5e26de2676693f75d9be12dc9109787650900c1721cbb9b6bf8b12a413e53f7a373a744de5
-
SSDEEP
6144:0Y7P7UqwLg3ESwU8c0oPuc2H7cicJLYTpRULxBKypFccQkIOubTi:twqws6zc2UJLgqRFcfk/8
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
e9e0304ff9cc8791df30cd2ce7b21e978f483ecc6479edd46f2cb0818996111a
-
Size
470KB
-
MD5
223361ee9614f70c53c4f810d15fcef4
-
SHA1
dfcf809c746832bd2de99504613ced686f8eba95
-
SHA256
e9e0304ff9cc8791df30cd2ce7b21e978f483ecc6479edd46f2cb0818996111a
-
SHA512
70095c2c0b39f2bea2b86f71f3aa152c1b85834f7b2b7a6300a04f5e26de2676693f75d9be12dc9109787650900c1721cbb9b6bf8b12a413e53f7a373a744de5
-
SSDEEP
6144:0Y7P7UqwLg3ESwU8c0oPuc2H7cicJLYTpRULxBKypFccQkIOubTi:twqws6zc2UJLgqRFcfk/8
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-