General
-
Target
5f7c9b901567da2b14dcdab2bb4b14f80820032ef92340136368ef1a67426f38
-
Size
491KB
-
Sample
240618-qdbwaavcnb
-
MD5
0a9a2b21fb2a5f8b18d925ca13ea79d0
-
SHA1
b89399f5dd81295a4177f8abdba72ceb22c57fed
-
SHA256
5f7c9b901567da2b14dcdab2bb4b14f80820032ef92340136368ef1a67426f38
-
SHA512
299becfe791d0cab30d430bf4f67fe7712cd0e6240557c04a2462d592894a2ada5f69de512c1e5b2bb5c54f0873558048befe88b047ee9c04a6bbfceb26d7f56
-
SSDEEP
6144:gLQRLRusCvkjgDsxe1HfFEKZLfa/MOsqGvZN1GQOBMfjrYwiuA:gaR7Cv2gXtHLfa/M5fIQO+j
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
5f7c9b901567da2b14dcdab2bb4b14f80820032ef92340136368ef1a67426f38
-
Size
491KB
-
MD5
0a9a2b21fb2a5f8b18d925ca13ea79d0
-
SHA1
b89399f5dd81295a4177f8abdba72ceb22c57fed
-
SHA256
5f7c9b901567da2b14dcdab2bb4b14f80820032ef92340136368ef1a67426f38
-
SHA512
299becfe791d0cab30d430bf4f67fe7712cd0e6240557c04a2462d592894a2ada5f69de512c1e5b2bb5c54f0873558048befe88b047ee9c04a6bbfceb26d7f56
-
SSDEEP
6144:gLQRLRusCvkjgDsxe1HfFEKZLfa/MOsqGvZN1GQOBMfjrYwiuA:gaR7Cv2gXtHLfa/M5fIQO+j
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-