General
-
Target
file
-
Size
525KB
-
Sample
230208-d48aysge2v
-
MD5
89e64257cf1e2854f52191677a169c98
-
SHA1
cb5ad1a04abfc28f40a79d819bb4bb7945fe5e2c
-
SHA256
8c41bec10d3f23b17a42b357ee1fb456084571dc35bb65aeab907d7d5030aeac
-
SHA512
84219f52a7a7dbae47f0166d13ec756cc62d980a6b34deb16ad9bf592ff50649062fc81f345cefcfc702db43427fe0deb3b28873dbbd6a81d31af00616b3a5ce
-
SSDEEP
12288:iMrEy90ZvZtSBUJrf0WLfcY64mcfnBhKAAmII:qyghOUJwWL44mshKGb
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
-
-
Target
file
-
Size
525KB
-
MD5
89e64257cf1e2854f52191677a169c98
-
SHA1
cb5ad1a04abfc28f40a79d819bb4bb7945fe5e2c
-
SHA256
8c41bec10d3f23b17a42b357ee1fb456084571dc35bb65aeab907d7d5030aeac
-
SHA512
84219f52a7a7dbae47f0166d13ec756cc62d980a6b34deb16ad9bf592ff50649062fc81f345cefcfc702db43427fe0deb3b28873dbbd6a81d31af00616b3a5ce
-
SSDEEP
12288:iMrEy90ZvZtSBUJrf0WLfcY64mcfnBhKAAmII:qyghOUJwWL44mshKGb
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-