General
-
Target
da708ba94087c1d7b3352f0228c01fbd671f7465da102372d4a7deaaa0a7e002
-
Size
489KB
-
Sample
240620-m117xatdld
-
MD5
d8ece4218b4afab0ab5dd6ea6e41f023
-
SHA1
f1f2157955512c1f9921120e5bf1be121173e88d
-
SHA256
da708ba94087c1d7b3352f0228c01fbd671f7465da102372d4a7deaaa0a7e002
-
SHA512
0e7bb5e18c5f247e2fd1e2377c8064ee075b67f482ef82f7c7f095bf64bf8f50913330569d6cf74e1c3b2e92f5c09c973b08fc84c8fb71498a0f108b2110750b
-
SSDEEP
6144:RNTLpF7aQa2dz1l+izah68hLsTWo/z7bAxuc5J4i9xmh2R0Q7ODY:7dF7aQa2dzHJI68STv/Iua4Imh2+Q
Malware Config
Extracted
amadey
4.19
8fc809
http://nudump.com
http://otyt.ru
http://selltix.org
-
install_dir
b739b37d80
-
install_file
Dctooux.exe
-
strings_key
65bac8d4c26069c29f1fd276f7af33f3
-
url_paths
/forum/index.php
/forum2/index.php
/forum3/index.php
Targets
-
-
Target
da708ba94087c1d7b3352f0228c01fbd671f7465da102372d4a7deaaa0a7e002
-
Size
489KB
-
MD5
d8ece4218b4afab0ab5dd6ea6e41f023
-
SHA1
f1f2157955512c1f9921120e5bf1be121173e88d
-
SHA256
da708ba94087c1d7b3352f0228c01fbd671f7465da102372d4a7deaaa0a7e002
-
SHA512
0e7bb5e18c5f247e2fd1e2377c8064ee075b67f482ef82f7c7f095bf64bf8f50913330569d6cf74e1c3b2e92f5c09c973b08fc84c8fb71498a0f108b2110750b
-
SSDEEP
6144:RNTLpF7aQa2dz1l+izah68hLsTWo/z7bAxuc5J4i9xmh2R0Q7ODY:7dF7aQa2dzHJI68STv/Iua4Imh2+Q
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-