General
-
Target
d33669e2d1891b6a83c99084bcd669090cfeb50d14d46a1d41bd5911b78b33f7
-
Size
412KB
-
Sample
240620-aym62stdmr
-
MD5
6efae158b8f1f6f991a6e325ba5d6d79
-
SHA1
b0acf08a0db55769e97f77c673c9fc3ffc2a4f8c
-
SHA256
d33669e2d1891b6a83c99084bcd669090cfeb50d14d46a1d41bd5911b78b33f7
-
SHA512
1f777b0af7687d7d7a6f20f021f288dbf2985f9e63678c7ef3fbd7efb0009e2a945588dbac65f1facc862c9d3cb42bdf8df013e8fb9112c76597fd2c78438a00
-
SSDEEP
6144:PJBQphYwP2wOIRspHpAHoZz3BT/WJnagNzLcH:PDOYwohgEBT/W2H
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
d33669e2d1891b6a83c99084bcd669090cfeb50d14d46a1d41bd5911b78b33f7
-
Size
412KB
-
MD5
6efae158b8f1f6f991a6e325ba5d6d79
-
SHA1
b0acf08a0db55769e97f77c673c9fc3ffc2a4f8c
-
SHA256
d33669e2d1891b6a83c99084bcd669090cfeb50d14d46a1d41bd5911b78b33f7
-
SHA512
1f777b0af7687d7d7a6f20f021f288dbf2985f9e63678c7ef3fbd7efb0009e2a945588dbac65f1facc862c9d3cb42bdf8df013e8fb9112c76597fd2c78438a00
-
SSDEEP
6144:PJBQphYwP2wOIRspHpAHoZz3BT/WJnagNzLcH:PDOYwohgEBT/W2H
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-