General
-
Target
ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f.exe
-
Size
1.3MB
-
Sample
241212-c85j7asmcn
-
MD5
db04aa6e158c5d52c20fc855f5285905
-
SHA1
822416dfa3f094aa6776ed0cad77fb9083db29a3
-
SHA256
ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f
-
SHA512
cdc0ff46ac48178da0a68d4e2601a46a960c3aa998edd66a7bb6a39d1caa7dbbe53f1aa463307a9932996d2993386addc7c54cee73811897b075dd75fbc904ff
-
SSDEEP
24576:wbsh2BfGSklE31Sa1jnzi+k24VR5SLRUyvQAqBYcTHykVbFv4pOdfEPkXsvHo/s/:wbsQf6lEFti+kZRSUJAqB/VRsO/oo/sJ
Static task
static1
Behavioral task
behavioral1
Sample
ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f.exe
Resource
win7-20240903-en
Malware Config
Extracted
amadey
4.18
1cc3fe
http://vitantgroup.com
-
install_dir
431a343abc
-
install_file
Dctooux.exe
-
strings_key
5a2387e2bfef84adb686c856b4155237
-
url_paths
/xmlrpc.php
Targets
-
-
Target
ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f.exe
-
Size
1.3MB
-
MD5
db04aa6e158c5d52c20fc855f5285905
-
SHA1
822416dfa3f094aa6776ed0cad77fb9083db29a3
-
SHA256
ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f
-
SHA512
cdc0ff46ac48178da0a68d4e2601a46a960c3aa998edd66a7bb6a39d1caa7dbbe53f1aa463307a9932996d2993386addc7c54cee73811897b075dd75fbc904ff
-
SSDEEP
24576:wbsh2BfGSklE31Sa1jnzi+k24VR5SLRUyvQAqBYcTHykVbFv4pOdfEPkXsvHo/s/:wbsQf6lEFti+kZRSUJAqB/VRsO/oo/sJ
-
Amadey family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-