General
-
Target
9ed075f19fcf6517136d96fe934b3cbebb27060be094e2d00f2a7166dfcfe9ae
-
Size
558KB
-
Sample
230207-bgwmjagg83
-
MD5
c606a7015faecd080e07bc338f1f8d65
-
SHA1
d8946141f21a803cd6d584cd58b482caf60e563d
-
SHA256
9ed075f19fcf6517136d96fe934b3cbebb27060be094e2d00f2a7166dfcfe9ae
-
SHA512
2be61b9c3d5da5469a172052721bea314d3d7ec8fe96246452254a71e5c235141f7c44311693f92dee4c84fa42a3404a95bf30304f479250c6eba0db59da1576
-
SSDEEP
12288:7Mr1y90KLaiu9LjL5jaCp0sOw5YJey+yU5HCl:my9L6nL9aCp0sOIYJBpUIl
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
-
-
Target
9ed075f19fcf6517136d96fe934b3cbebb27060be094e2d00f2a7166dfcfe9ae
-
Size
558KB
-
MD5
c606a7015faecd080e07bc338f1f8d65
-
SHA1
d8946141f21a803cd6d584cd58b482caf60e563d
-
SHA256
9ed075f19fcf6517136d96fe934b3cbebb27060be094e2d00f2a7166dfcfe9ae
-
SHA512
2be61b9c3d5da5469a172052721bea314d3d7ec8fe96246452254a71e5c235141f7c44311693f92dee4c84fa42a3404a95bf30304f479250c6eba0db59da1576
-
SSDEEP
12288:7Mr1y90KLaiu9LjL5jaCp0sOw5YJey+yU5HCl:my9L6nL9aCp0sOIYJBpUIl
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-