General
-
Target
file.exe
-
Size
578KB
-
Sample
230206-r4qmssed69
-
MD5
eb4372b1408dda9b86cb571067988dac
-
SHA1
f6b2ce75ab7ceb7ddb4bafbeb52e30b98cbc1a3a
-
SHA256
e62393aa1335b39c00bf0e720208dd63b149edcec79279b9e9b23f5121df52e2
-
SHA512
4e75a7e8f0e1dd90ec31ac799e92ef99ac6e41c6f8c3646c76c1ae15e9a0c0f7e9fc2555228470b75a8a70800a2b659c57300a4cea9836facb90c532606fbdaa
-
SSDEEP
6144:Kwy+bnr+8p0yN90QElowlI+g3QuGfhvYKmuhn+IATOVTe/qh0UY5YnRp5tv8rTbU:QMrQy90XoR+gafhjsIFV0qGUvviP4Nf
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
-
-
Target
file.exe
-
Size
578KB
-
MD5
eb4372b1408dda9b86cb571067988dac
-
SHA1
f6b2ce75ab7ceb7ddb4bafbeb52e30b98cbc1a3a
-
SHA256
e62393aa1335b39c00bf0e720208dd63b149edcec79279b9e9b23f5121df52e2
-
SHA512
4e75a7e8f0e1dd90ec31ac799e92ef99ac6e41c6f8c3646c76c1ae15e9a0c0f7e9fc2555228470b75a8a70800a2b659c57300a4cea9836facb90c532606fbdaa
-
SSDEEP
6144:Kwy+bnr+8p0yN90QElowlI+g3QuGfhvYKmuhn+IATOVTe/qh0UY5YnRp5tv8rTbU:QMrQy90XoR+gafhjsIFV0qGUvviP4Nf
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-