General
-
Target
f93f39819b5443b4e83783445eefd4e1c075d69a7f6c2379ccca08b17a4f70b6.exe
-
Size
1.2MB
-
Sample
241217-f5fnfasram
-
MD5
f880c05fa8059b3f68e29922d370ec0c
-
SHA1
19e3afc0856bad554ccb248085355ada23cc37ab
-
SHA256
f93f39819b5443b4e83783445eefd4e1c075d69a7f6c2379ccca08b17a4f70b6
-
SHA512
7c3a8b887a83735e33290d49b58d1b5c55177c2455a546b1ad8c31b0b0cb3d14d06e1bc2101a3f93361080390760a1871c098b7f3825ed973ab8f3268e0a45b7
-
SSDEEP
24576:iEFH0r5fK09vmJcTGln3AJ7aOg4ZbJgELn4nrQgLiz4sQ4/hxNnZbYFOONc4RUYm:iEFM9vHg6y4h7arQz4slxZZbhOW4qGWF
Malware Config
Extracted
amadey
5.04
b44aeb
-
install_dir
7725ce688f
-
install_file
Gxtuum.exe
-
strings_key
8bf9b3f72bb53c678e0173edf42df1ae
-
url_paths
/3ofn3jf3e2ljk/index.php
Targets
-
-
Target
f93f39819b5443b4e83783445eefd4e1c075d69a7f6c2379ccca08b17a4f70b6.exe
-
Size
1.2MB
-
MD5
f880c05fa8059b3f68e29922d370ec0c
-
SHA1
19e3afc0856bad554ccb248085355ada23cc37ab
-
SHA256
f93f39819b5443b4e83783445eefd4e1c075d69a7f6c2379ccca08b17a4f70b6
-
SHA512
7c3a8b887a83735e33290d49b58d1b5c55177c2455a546b1ad8c31b0b0cb3d14d06e1bc2101a3f93361080390760a1871c098b7f3825ed973ab8f3268e0a45b7
-
SSDEEP
24576:iEFH0r5fK09vmJcTGln3AJ7aOg4ZbJgELn4nrQgLiz4sQ4/hxNnZbYFOONc4RUYm:iEFM9vHg6y4h7arQz4slxZZbhOW4qGWF
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Amadey family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-