amadey | 27743f06dd03f19e5f4d36019d8a276eae932fdc17858214029497ee5bae338b | Triage

Sharing

General

Target

3112-3-0x0000000000400000-0x0000000000472000-memory.dmp
Size

456KB
Sample

240617-ga8leawgrc
MD5

ce9d833795805d42486a3c9d65578c18
SHA1

4d7b682617d5a7d0eec1fbb9fc788e9071092e58
SHA256

27743f06dd03f19e5f4d36019d8a276eae932fdc17858214029497ee5bae338b
SHA512

1557d3e7895c3b84ee3a716116d46a3016713ba3cdcc041c3220a76d40324132321d038acbe2280624fa834fa69b3c71285c029b0261bc517fb786e32ad74dff
SSDEEP

12288:58m7eJ8uBNne5pAeNaeLSPBWKuJ+Q8NxEvRz7:5u8uBNnopx5Sg8eRz7

Score

10^/10

amadey 8fc809

Malware Config

Extracted

Family

amadey

Version

4.19

Botnet

8fc809

C2

http://nudump.com

http://otyt.ru

http://selltix.org

Attributes

install_dir
b739b37d80
install_file
Dctooux.exe
strings_key
65bac8d4c26069c29f1fd276f7af33f3
url_paths
/forum/index.php

/forum2/index.php

/forum3/index.php

rc4.plain

Targets

- Target
  
  3112-3-0x0000000000400000-0x0000000000472000-memory.dmp
- Size
  
  456KB
- MD5
  
  ce9d833795805d42486a3c9d65578c18
- SHA1
  
  4d7b682617d5a7d0eec1fbb9fc788e9071092e58
- SHA256
  
  27743f06dd03f19e5f4d36019d8a276eae932fdc17858214029497ee5bae338b
- SHA512
  
  1557d3e7895c3b84ee3a716116d46a3016713ba3cdcc041c3220a76d40324132321d038acbe2280624fa834fa69b3c71285c029b0261bc517fb786e32ad74dff
- SSDEEP
  
  12288:58m7eJ8uBNne5pAeNaeLSPBWKuJ+Q8NxEvRz7:5u8uBNnopx5Sg8eRz7
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2