General

  • Target

    d11be6f9d86f5e47a2b6563bf867732d8668aeeb982c9c3ae6c4556b5e380bd1

  • Size

    490KB

  • Sample

    240603-plre9sfe87

  • MD5

    e2370d7ffcc4a940c4df609d93a057f9

  • SHA1

    10415cc70be04dde9b26a7d3953b57a56aceeeeb

  • SHA256

    d11be6f9d86f5e47a2b6563bf867732d8668aeeb982c9c3ae6c4556b5e380bd1

  • SHA512

    6d06a214f906e3beb00fc6b1a80d85406e827a5a8e88fc53504b7148ced2176bd25de4e7e62444afb849a19d11e61608d18b26329db9610b6efb8a1d1d617842

  • SSDEEP

    6144:9kfTeSuE9VUiSqctIMH7u5rsAa7U0afD1FWAo8QCDqJ2BYxhdnZXOFfkH1WTU:9ETeSpLXobu5r07U4AYCDWxefkg

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks