General
-
Target
am.exe
-
Size
4.4MB
-
Sample
240627-vzyz6a1hmf
-
MD5
8b93302d2a4bf836ce4e6f6dbdad0ed4
-
SHA1
89d185e9754f77c16d816a9f27db26640d752c38
-
SHA256
cfe865ff674950f8d2bde9161d0b0a34b26b9f742022754f212077d9068a3ea4
-
SHA512
39474f3b012bf539d52f9c865005577663b0bac7b926e679f0e5b9dd15c17d23f2df2ba391b9ba9b7450e6d2fe0d2f76ec28fcef10ed3ab570d549efc7fb977a
-
SSDEEP
98304:16z8A7kkKDWYfUzsh75LkDeStk/QrGnGt0LgZkwRnCplOQz:gz8wS546Mt0LgZRAlH
Malware Config
Extracted
amadey
4.31
3b29ee
http://downloadfilesoft.com
http://downloadsoftfiles.com
http://filesoftdownload.com
-
strings_key
ef32af2366669933e54bb0548c8528f9
-
url_paths
/h9fmdW5/index.php
/h9fmdW6/index.php
/h9fmdW7/index.php
Targets
-
-
Target
am.exe
-
Size
4.4MB
-
MD5
8b93302d2a4bf836ce4e6f6dbdad0ed4
-
SHA1
89d185e9754f77c16d816a9f27db26640d752c38
-
SHA256
cfe865ff674950f8d2bde9161d0b0a34b26b9f742022754f212077d9068a3ea4
-
SHA512
39474f3b012bf539d52f9c865005577663b0bac7b926e679f0e5b9dd15c17d23f2df2ba391b9ba9b7450e6d2fe0d2f76ec28fcef10ed3ab570d549efc7fb977a
-
SSDEEP
98304:16z8A7kkKDWYfUzsh75LkDeStk/QrGnGt0LgZkwRnCplOQz:gz8wS546Mt0LgZRAlH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-