General
-
Target
98ce6f18fd160dbb5a40dbf54d3986bf74e04758766d12949ab5b5bb96d2b35a
-
Size
558KB
-
Sample
230206-xb1vysae7y
-
MD5
6881d6769dfa4a803ab0deaa5895c74e
-
SHA1
bf416c448026c41e9331de0dab84fc2b62a62592
-
SHA256
98ce6f18fd160dbb5a40dbf54d3986bf74e04758766d12949ab5b5bb96d2b35a
-
SHA512
e95be03c87f3ea92e9691380e5d3be7e5157ba562582907fe92827af2f67b324b7a9266375132bfb9dc3b00912122c99d5ef6d839dc5cd300f7caf4623b94068
-
SSDEEP
12288:PMrny90ywwLGrh3er/sMdx7EibmqqN4oYhv0:ky/wwc3ebLrQiCXG9v0
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
-
-
Target
98ce6f18fd160dbb5a40dbf54d3986bf74e04758766d12949ab5b5bb96d2b35a
-
Size
558KB
-
MD5
6881d6769dfa4a803ab0deaa5895c74e
-
SHA1
bf416c448026c41e9331de0dab84fc2b62a62592
-
SHA256
98ce6f18fd160dbb5a40dbf54d3986bf74e04758766d12949ab5b5bb96d2b35a
-
SHA512
e95be03c87f3ea92e9691380e5d3be7e5157ba562582907fe92827af2f67b324b7a9266375132bfb9dc3b00912122c99d5ef6d839dc5cd300f7caf4623b94068
-
SSDEEP
12288:PMrny90ywwLGrh3er/sMdx7EibmqqN4oYhv0:ky/wwc3ebLrQiCXG9v0
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-