General
-
Target
2b8547bf6bdafef07f9624d47a541a9734c39ae4c0c2ada330031c30d39826b4
-
Size
398KB
-
Sample
240619-y4l3yavajq
-
MD5
efccb8ebc3cee38b7656617bd1b670ad
-
SHA1
6754e5a59ff6c2e569d61bd400e50beccc86f81b
-
SHA256
2b8547bf6bdafef07f9624d47a541a9734c39ae4c0c2ada330031c30d39826b4
-
SHA512
6b9acfb5c7edd0dced0fc4358faa291a608ed5da1412f92b613a025ed462b9b9fb83e27d3f430f25cbf86a4d33032b573919faa8493981d2d4153fbf4ef6706e
-
SSDEEP
6144:zNyo3FETe9jaAjGExnmq15CWhFzVVB7JPueHPLEmeukdMdcH:zxFEi9jJHnmqCwF7B7dVOFH
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
2b8547bf6bdafef07f9624d47a541a9734c39ae4c0c2ada330031c30d39826b4
-
Size
398KB
-
MD5
efccb8ebc3cee38b7656617bd1b670ad
-
SHA1
6754e5a59ff6c2e569d61bd400e50beccc86f81b
-
SHA256
2b8547bf6bdafef07f9624d47a541a9734c39ae4c0c2ada330031c30d39826b4
-
SHA512
6b9acfb5c7edd0dced0fc4358faa291a608ed5da1412f92b613a025ed462b9b9fb83e27d3f430f25cbf86a4d33032b573919faa8493981d2d4153fbf4ef6706e
-
SSDEEP
6144:zNyo3FETe9jaAjGExnmq15CWhFzVVB7JPueHPLEmeukdMdcH:zxFEi9jJHnmqCwF7B7dVOFH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-