General
-
Target
561d6a6e5dc19d5c5b14c5eeeb1585be4b976f02b54d36b60a295fab547029d9
-
Size
492KB
-
Sample
240618-zp6pga1akj
-
MD5
b702e6456ab8cc32654546e7a3bfa42e
-
SHA1
46d5d4eaaefdc00ae0ef08593d5a4d9076901f48
-
SHA256
561d6a6e5dc19d5c5b14c5eeeb1585be4b976f02b54d36b60a295fab547029d9
-
SHA512
69dd9e7cecddaef97c2a53d84285347653bf165615abdee02a33a34c363f2543bea768bb04ddda666f2cd5be9d2f634aa643cb6c74778e5a83f1e4fe9d6d93f2
-
SSDEEP
6144:OALXRXckM9TYIvvVX4i91vgIyIfPuSDurzUTm34zzJFSxe7jg9kF5:OAxch9TlvZ4+1IIyI3uSDu6JFtjg9kF
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
561d6a6e5dc19d5c5b14c5eeeb1585be4b976f02b54d36b60a295fab547029d9
-
Size
492KB
-
MD5
b702e6456ab8cc32654546e7a3bfa42e
-
SHA1
46d5d4eaaefdc00ae0ef08593d5a4d9076901f48
-
SHA256
561d6a6e5dc19d5c5b14c5eeeb1585be4b976f02b54d36b60a295fab547029d9
-
SHA512
69dd9e7cecddaef97c2a53d84285347653bf165615abdee02a33a34c363f2543bea768bb04ddda666f2cd5be9d2f634aa643cb6c74778e5a83f1e4fe9d6d93f2
-
SSDEEP
6144:OALXRXckM9TYIvvVX4i91vgIyIfPuSDurzUTm34zzJFSxe7jg9kF5:OAxch9TlvZ4+1IIyI3uSDu6JFtjg9kF
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-