General
-
Target
tmpA37F.bin
-
Size
393KB
-
Sample
230918-h1qzqaff5v
-
MD5
9715d63d92cd5ebcc3f6c5cb50bd461f
-
SHA1
d35920fb066076b09bec255f4521aed4ab8918cc
-
SHA256
0efe90fbe05fdbe7645cc238be406b3add95c4b2307120b73697674ad408b0de
-
SHA512
99bf1f16d5ec036f1c7f0650d1d945570bfa6f5a0b6d2f68a2d7e9d13d55bc5b26d08f53383cb86bc7fac593aa2de746b9d798758433f0256c4b40f71f31e77f
-
SSDEEP
6144:ogyebCLfoDJy/s52oeXxGKiW00x5ALyiCy7Ie:oWbofesgeGk00ryfMe
Static task
static1
Behavioral task
behavioral1
Sample
tmpA37F.exe
Resource
win7-20230831-en
Malware Config
Extracted
amadey
3.88
http://185.215.113.35/bkd7djmsa/index.php
-
install_dir
cc485ba720
-
install_file
yiueea.exe
-
strings_key
3ddca269a1829060c1d7b5fe398e06e2
Targets
-
-
Target
tmpA37F.bin
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-