General
Target: ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f.zip
Size: 1.3MB
Sample: 241212-qxplgswjdv
MD5: 021717d54f3cfc3c4f178bc4a89269d0
SHA1: 48b301e73b6ba8263c085613039528997bc03a44
SHA256: 856c2c32026447fcb65a04b3c0d5e7905c57387e6060ac5d2a2d48e96ec0c8fd
SHA512: 06080ca946c824885da76556f71be7ae88b546f8b82b45f06565ae9064946af03ba4e0e0de4c6585130ee76e27bbf4f8ca536a56d41ddf22c7c6a184bc3c76f4
SSDEEP: 24576:yOsYGiQIiexKBSPh/iTMJp0LC6KcvCcB0le0drKT6ypRn4GTauLhfEhaAd:1sAd8B6h/GMECIqcBadWuyVHLGMAd
Static task: static1
Malware Config
Extracted
Family: amadey
Version: 4.18
Botnet: 1cc3fe
C2: http://vitantgroup.com
Attributes:
- install_dir: 431a343abc
- install_file: Dctooux.exe
- strings_key: 5a2387e2bfef84adb686c856b4155237
- url_paths: /xmlrpc.php
Targets
Target: ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f.exe
Size: 1.3MB
MD5: db04aa6e158c5d52c20fc855f5285905
SHA1: 822416dfa3f094aa6776ed0cad77fb9083db29a3
SHA256: ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f
SHA512: cdc0ff46ac48178da0a68d4e2601a46a960c3aa998edd66a7bb6a39d1caa7dbbe53f1aa463307a9932996d2993386addc7c54cee73811897b075dd75fbc904ff
SSDEEP: 24576:wbsh2BfGSklE31Sa1jnzi+k24VR5SLRUyvQAqBYcTHykVbFv4pOdfEPkXsvHo/s/:wbsQf6lEFti+kZRSUJAqB/VRsO/oo/sJ

- Amadey family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger