General
-
Target
11b953a042b7e12b94d4e948b757165f72bab8cc7e63d453a4ad93b3cf6919ba
-
Size
493KB
-
Sample
240618-l1m5lsycrg
-
MD5
9f32b93a4e5854ed769d0a2d810e4f04
-
SHA1
5dd8100a8c9f4ca7d5ba38a6ec3e4d3b4a1bcfde
-
SHA256
11b953a042b7e12b94d4e948b757165f72bab8cc7e63d453a4ad93b3cf6919ba
-
SHA512
0b88f02e481b54210d03651ac8ba8218cf5d76ccf371194cfea67eb880df72726c65397c44ec210b63ab520e65a4bb45730257b250071ee97a3547425c3ab99c
-
SSDEEP
6144:tLfR0UK1Jq4qi9XJbypYwOx34vd1h3PeNMIjMhTgiZJVc7bWA:tqU0NZbyiwe60jjMJg2
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
11b953a042b7e12b94d4e948b757165f72bab8cc7e63d453a4ad93b3cf6919ba
-
Size
493KB
-
MD5
9f32b93a4e5854ed769d0a2d810e4f04
-
SHA1
5dd8100a8c9f4ca7d5ba38a6ec3e4d3b4a1bcfde
-
SHA256
11b953a042b7e12b94d4e948b757165f72bab8cc7e63d453a4ad93b3cf6919ba
-
SHA512
0b88f02e481b54210d03651ac8ba8218cf5d76ccf371194cfea67eb880df72726c65397c44ec210b63ab520e65a4bb45730257b250071ee97a3547425c3ab99c
-
SSDEEP
6144:tLfR0UK1Jq4qi9XJbypYwOx34vd1h3PeNMIjMhTgiZJVc7bWA:tqU0NZbyiwe60jjMJg2
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-