General
-
Target
si096022.exe
-
Size
397KB
-
Sample
230414-epf4lahe4s
-
MD5
73322119dde2931ef4675da872b6e388
-
SHA1
666909e836d4896520d7b01669820f0e8eb103a1
-
SHA256
a79c5393e57aa37ec1e86e848e11468788a7b9e9f580b8ce551913a3add57cd3
-
SHA512
360a30c047d52828252bb6aa484a900e00f6671bd5efdc27845476701b1c9ffcdbcfc7e5b3dceac05d89b83a66273b9e5b9dbd8e982810ba94fd226af216faef
-
SSDEEP
6144:69A7mEx3kKzOLghmfeExx1Ydj8L3YS4JEHxubb0Ut:69smYkKqLghmeEFUIL3YZAEb
Static task
static1
Behavioral task
behavioral1
Sample
si096022.exe
Resource
win7-20230220-en
Malware Config
Extracted
amadey
3.70
193.201.9.43/plays/chapter/index.php
Targets
Target
si096022.exe
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-