amadey | 3ef28e9eb8a1b761a2d4f4138052693c8fc283d89d32e1521053e5d47d0b4fd7 | Triage

Sharing

General

Target

4540-3-0x0000000000400000-0x0000000000472000-memory.dmp
Size

456KB
Sample

240619-w97wgswdph
MD5

87901c24c598b68d281bbac2210adf99
SHA1

18ed49d7f0f2444cfd00fe740d48244db89df1d3
SHA256

3ef28e9eb8a1b761a2d4f4138052693c8fc283d89d32e1521053e5d47d0b4fd7
SHA512

aebecf63c412f7fea20d39e56e6dfa84634e16c7c0c7b54014d53804ff34e303180aa6f7e1ca3d17e9415247c126c685c64a1b65ad51b7ec385072bd2063313e
SSDEEP

12288:58m7eJ8uBNne5pAeNaeLSPBWKuJ+Q8Nx8vRt7:5u8uBNnopx5Sg8mRt7

Score

10^/10

amadey 8fc809

Malware Config

Extracted

Family

amadey

Version

4.19

Botnet

8fc809

C2

http://nudump.com

http://otyt.ru

http://selltix.org

Attributes

install_dir
b739b37d80
install_file
Dctooux.exe
strings_key
65bac8d4c26069c29f1fd276f7af33f3
url_paths
/forum/index.php

/forum2/index.php

/forum3/index.php

rc4.plain

Targets

- Target
  
  4540-3-0x0000000000400000-0x0000000000472000-memory.dmp
- Size
  
  456KB
- MD5
  
  87901c24c598b68d281bbac2210adf99
- SHA1
  
  18ed49d7f0f2444cfd00fe740d48244db89df1d3
- SHA256
  
  3ef28e9eb8a1b761a2d4f4138052693c8fc283d89d32e1521053e5d47d0b4fd7
- SHA512
  
  aebecf63c412f7fea20d39e56e6dfa84634e16c7c0c7b54014d53804ff34e303180aa6f7e1ca3d17e9415247c126c685c64a1b65ad51b7ec385072bd2063313e
- SSDEEP
  
  12288:58m7eJ8uBNne5pAeNaeLSPBWKuJ+Q8Nx8vRt7:5u8uBNnopx5Sg8mRt7
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2