General
Target
c08e3b5280f724bd7a650c051a3ed4ad.bin
Size
192KB
Sample
230206-mfr4hadd88
MD5
614471a62665b2de8f8286c9031d1e2b
SHA1
96a73d6b9bff6ddb710bec91b7ab05146183284b
SHA256
85163e03b8e49840995bb07e2e5c6984be18bbba8eb3fa0236d6c495fc14eaf6
SHA512
806f68e869f8f4126319d449e1e75ec166ff52a5a6489759ae553c7ef5494f68cd6a83b4ae9eb1456933d5fcdb63ff7a8d8d74535a16eed611dce5bbdb626db0
SSDEEP
3072:c61mnZDxL9WVsvz2FOSIvGzqDj58Yx+ySwrhpCIAsyZ/+3ATVO+G:KHpGsb2FOnSqD1fx+4rhpKsy9+wO
Static task
static1
Behavioral task
behavioral1
Sample
325a41b4dfab6ef08cfd83e2fb1ae1b1bbf1631cc8c2fe53ad29c78d657abfca.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
325a41b4dfab6ef08cfd83e2fb1ae1b1bbf1631cc8c2fe53ad29c78d657abfca.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
Target
325a41b4dfab6ef08cfd83e2fb1ae1b1bbf1631cc8c2fe53ad29c78d657abfca.exe
Size
235KB
MD5
c08e3b5280f724bd7a650c051a3ed4ad
SHA1
4dc7760450fb29b8c0e8af4ccaa701dc4eb58f50
SHA256
325a41b4dfab6ef08cfd83e2fb1ae1b1bbf1631cc8c2fe53ad29c78d657abfca
SHA512
1bd26b9d7ce52a95daa5dfd03e72d9395aa4f21d75dffa225f6a1d19bc585af32c9ddd4288b1939b23152ab8d22695734bc06483630c5b236845725676e93142
SSDEEP
3072:ROhX0N7+f1l5GWp1icKAArDZz4N9GhbkrNEk1AIoCXqjZ4a4fT+XztasUiJ7G:ghEN7+tp0yN90QEfCX8Z437ujUiRG
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application