General
-
Target
86e766107ce5adc25529f90dced11c1ed86c265d19c2b1cc348e926157f0b265
-
Size
558KB
-
Sample
230206-xk173sfd38
-
MD5
8c74cca13b2d250fffb4cd454729763e
-
SHA1
43a1dda7390b8ca24517ae9d6f229003384da68f
-
SHA256
86e766107ce5adc25529f90dced11c1ed86c265d19c2b1cc348e926157f0b265
-
SHA512
e1fd3b89c4ef9d3acb4daf72478c58a10183eba383c165de27a4ed2ede81dc5fa2490efda1075bedbb351b6da00e83385b44ff72c452d6fadb3e60f356b134c9
-
SSDEEP
12288:tMriy90l4/mUfW4bTUK6uYCvmTC53VpagC+bVhKnZBe1:DyiUJDHvu0VqBe1
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
-
-
Target
86e766107ce5adc25529f90dced11c1ed86c265d19c2b1cc348e926157f0b265
-
Size
558KB
-
MD5
8c74cca13b2d250fffb4cd454729763e
-
SHA1
43a1dda7390b8ca24517ae9d6f229003384da68f
-
SHA256
86e766107ce5adc25529f90dced11c1ed86c265d19c2b1cc348e926157f0b265
-
SHA512
e1fd3b89c4ef9d3acb4daf72478c58a10183eba383c165de27a4ed2ede81dc5fa2490efda1075bedbb351b6da00e83385b44ff72c452d6fadb3e60f356b134c9
-
SSDEEP
12288:tMriy90l4/mUfW4bTUK6uYCvmTC53VpagC+bVhKnZBe1:DyiUJDHvu0VqBe1
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-