General
-
Target
b273326184c376738fa6ba699dadee009e2f28ae74da04ed449179f99a2eef49N.exe
-
Size
256KB
-
Sample
241118-nap8dsvne1
-
MD5
a75f7ea987308049a22317140476bb40
-
SHA1
98533dbd1ffb72bdaa0077294d2d119700009c0f
-
SHA256
b273326184c376738fa6ba699dadee009e2f28ae74da04ed449179f99a2eef49
-
SHA512
822cb6c44009f7c42e419d905ac24d866a30ed677fea44d8b9dacaa351f4d13a6aa01ef79931c5427d8f9a41ea70b2637266784910cebe7d8b7024e41eb43950
-
SSDEEP
3072:fdg2WfgUqxS+dWIMOfdMsdmAYTH/lrsI3tbpxFTY5n5hwYPDpJKJRf8:1btUstdWROAOI9bpxZGQYPDWJ
Malware Config
Extracted
amadey
3.80
8c4642
http://193.201.9.240
-
install_dir
cb7ae701b3
-
install_file
oneetx.exe
-
strings_key
c7c0f24aa6d8f611f5533809029a4795
-
url_paths
/live/games/index.php
Targets
-
-
Target
b273326184c376738fa6ba699dadee009e2f28ae74da04ed449179f99a2eef49N.exe
-
Size
256KB
-
MD5
a75f7ea987308049a22317140476bb40
-
SHA1
98533dbd1ffb72bdaa0077294d2d119700009c0f
-
SHA256
b273326184c376738fa6ba699dadee009e2f28ae74da04ed449179f99a2eef49
-
SHA512
822cb6c44009f7c42e419d905ac24d866a30ed677fea44d8b9dacaa351f4d13a6aa01ef79931c5427d8f9a41ea70b2637266784910cebe7d8b7024e41eb43950
-
SSDEEP
3072:fdg2WfgUqxS+dWIMOfdMsdmAYTH/lrsI3tbpxFTY5n5hwYPDpJKJRf8:1btUstdWROAOI9bpxZGQYPDWJ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Amadey family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-