General

  • Target

    5899d80e908132a584cbbe909414d37cc7d936a00c9a87af1ac7b008dcc283f4

  • Size

    491KB

  • Sample

    240618-zdwecswdle

  • MD5

    e7789e04a0cb09652b2b371aa014b2b6

  • SHA1

    544795bfe56434f1bdd7143be3c3b34569dd4b38

  • SHA256

    5899d80e908132a584cbbe909414d37cc7d936a00c9a87af1ac7b008dcc283f4

  • SHA512

    4725596bd2e1ca4dffbf85f0b5ff85928f3182a2be2ef8a293537e7d825625fa9ba72e06e946b5e09b907c9e74cb5a318e56c279a3bdc4bfdf1170df02e760c5

  • SSDEEP

    12288:xiy4DKqtPKIyfC66Q4vyR7oi54RXEAIZf/Cw:dYKiSdak6i54R1I5Cw

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.19

Botnet

8fc809

C2

http://nudump.com

http://otyt.ru

http://selltix.org

Attributes
  • install_dir

    b739b37d80

  • install_file

    Dctooux.exe

  • strings_key

    65bac8d4c26069c29f1fd276f7af33f3

  • url_paths

    /forum/index.php

    /forum2/index.php

    /forum3/index.php

rc4.plain

Targets

    • Target

      5899d80e908132a584cbbe909414d37cc7d936a00c9a87af1ac7b008dcc283f4

    • Size

      491KB

    • MD5

      e7789e04a0cb09652b2b371aa014b2b6

    • SHA1

      544795bfe56434f1bdd7143be3c3b34569dd4b38

    • SHA256

      5899d80e908132a584cbbe909414d37cc7d936a00c9a87af1ac7b008dcc283f4

    • SHA512

      4725596bd2e1ca4dffbf85f0b5ff85928f3182a2be2ef8a293537e7d825625fa9ba72e06e946b5e09b907c9e74cb5a318e56c279a3bdc4bfdf1170df02e760c5

    • SSDEEP

      12288:xiy4DKqtPKIyfC66Q4vyR7oi54RXEAIZf/Cw:dYKiSdak6i54R1I5Cw

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks