General
-
Target
cb5a0d461b5a3b743512012fad2824c2c240ef469cf8c10bcfa647fe0c24e821
-
Size
418KB
-
Sample
240619-yb8q8sshjl
-
MD5
e17d585a0eced5c95e2701fdfc4fefd5
-
SHA1
517e9808fc160c9f894ce5b65df84b42c9ca97d1
-
SHA256
cb5a0d461b5a3b743512012fad2824c2c240ef469cf8c10bcfa647fe0c24e821
-
SHA512
c628fa8c10b5e3b9892bf4ebe7671ca7cf5cbee8637961addc7ba884bd9c410cf96222b3f9c52a4bc7432f79fcdadbd867d487cecaeb39be1018d304a78710a6
-
SSDEEP
12288:2nvoAoALor4lTuqJKeYwT5NkZ/vsNdXH:YLLorOTPKeYwlNQEPX
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
cb5a0d461b5a3b743512012fad2824c2c240ef469cf8c10bcfa647fe0c24e821
-
Size
418KB
-
MD5
e17d585a0eced5c95e2701fdfc4fefd5
-
SHA1
517e9808fc160c9f894ce5b65df84b42c9ca97d1
-
SHA256
cb5a0d461b5a3b743512012fad2824c2c240ef469cf8c10bcfa647fe0c24e821
-
SHA512
c628fa8c10b5e3b9892bf4ebe7671ca7cf5cbee8637961addc7ba884bd9c410cf96222b3f9c52a4bc7432f79fcdadbd867d487cecaeb39be1018d304a78710a6
-
SSDEEP
12288:2nvoAoALor4lTuqJKeYwT5NkZ/vsNdXH:YLLorOTPKeYwlNQEPX
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-