General
  Target: d317ee086ebeccf5e01e002ca6b0ead9.bin
  Size: 215KB
  Sample: 241213-byhf8strdw
  MD5: e20d0a6fbaa103f29ff75026c99c65ea
  SHA1: 5e36424e522a2e38f4eb43a3cdde641ded02d866
  SHA256: 28daecd1445ed2b967d9d836b31ac8bf9da133ceba51aabd3309543de0108270
  SHA512: ea6e0e88064e0ff1a4469f376b9e806975c1686adeeb2e82198370eeb6a141125f4d45486224a16261de0deab84c71d921f20393c41dc62566f8970d3e95c256
  SSDEEP: 3072:Bp8g5vCgWy0LmMQMQB+fbLPnK3tYfkadVoQkDuRhTCNHMp+lTnVrvXzZAXg8TEZp:EuaghymMC+f/PeAdVVkDYCup+7fzQrRg

Behavioral task: behavioral1
  Sample: dfdc0318f3dc5ba3f960b1f338b638cd9645856d2a2af8aa33ea0f9979a9ca4c.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: dfdc0318f3dc5ba3f960b1f338b638cd9645856d2a2af8aa33ea0f9979a9ca4c.exe
  Resource: win10v2004-20241007-en

Malware Config
  Extracted
    Family: amadey
    Version: 4.18
    Botnet: 1cc3fe
    C2: http://vitantgroup.com
    install_dir: 431a343abc
    install_file: Dctooux.exe
    strings_key: 5a2387e2bfef84adb686c856b4155237
    url_paths: /xmlrpc.php

Targets
  Target: dfdc0318f3dc5ba3f960b1f338b638cd9645856d2a2af8aa33ea0f9979a9ca4c.exe
  Size: 437KB
  MD5: d317ee086ebeccf5e01e002ca6b0ead9
  SHA1: 48e8c5846d9c67649b3c2fb8d76aa951828dd84e
  SHA256: dfdc0318f3dc5ba3f960b1f338b638cd9645856d2a2af8aa33ea0f9979a9ca4c
  SHA512: 5fc335758f587e9f9f35309b101c16a4e2faa840013f8024f45eb33b9aa402a2877cbc07f76f389d25e2cf20607486997218de52c46364e2c89a5fa28a785032
  SSDEEP: 12288:fHxmm31uLFn23TURCwbH8SnBkKuJ+RctSaWrQz:/BuLFn2DUELSS7s

  Signatures
    Amadey family
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    Executes dropped EXE
    Loads dropped DLL