General
-
Target
2c0c52e68b6347f5ab7f034f7dd517436194021af59025a81d56734c35b1c71c
-
Size
577KB
-
Sample
230206-rx15yshf6v
-
MD5
fd2020eff9e2d2acf0f6bc991688b964
-
SHA1
0ec84b43d8df123b34488cacf887538b06fca19d
-
SHA256
2c0c52e68b6347f5ab7f034f7dd517436194021af59025a81d56734c35b1c71c
-
SHA512
ed93d89d0169b068cbb3fbc7f90c11708af84750488e4542334d255b043cf0cd059f72e44c869be321630dfa9b3bb3f853f27fdf3490918cca02327fa90c9482
-
SSDEEP
12288:vMrsy90k7NFR6aI8i9tSiaoMW9nFK1R8nB:XyZxi9thayB
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
-
-
Target
2c0c52e68b6347f5ab7f034f7dd517436194021af59025a81d56734c35b1c71c
-
Size
577KB
-
MD5
fd2020eff9e2d2acf0f6bc991688b964
-
SHA1
0ec84b43d8df123b34488cacf887538b06fca19d
-
SHA256
2c0c52e68b6347f5ab7f034f7dd517436194021af59025a81d56734c35b1c71c
-
SHA512
ed93d89d0169b068cbb3fbc7f90c11708af84750488e4542334d255b043cf0cd059f72e44c869be321630dfa9b3bb3f853f27fdf3490918cca02327fa90c9482
-
SSDEEP
12288:vMrsy90k7NFR6aI8i9tSiaoMW9nFK1R8nB:XyZxi9thayB
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-