General
Target: 827052af840de6cb2310b29985b84428828a8d2aebb4bd76c23395fc7fefec49
Size: 486KB
Sample: 240606-cf3vwsfc76
MD5: a301fc20b8e6b07d0ddb6909e3169b93
SHA1: d69d2f49fb497a9b7afb23e1b57b73f8967923c3
SHA256: 827052af840de6cb2310b29985b84428828a8d2aebb4bd76c23395fc7fefec49
SHA512: 37e31daf432bad8e6b1455f6deba7cfbf44b646cf2f95ddf58e20abfb2f31ed9839cc959546dbef60613244c92b106ee0f532f360686273e0fbdfde2d9790924
SSDEEP: 12288:6i6Q52wyGleITJYOlKO98B8CF6Yi3U1sSK:63G2wyHsCE8R6YZ1sS
Static task: static1
Behavioral task: behavioral1
Sample: 827052af840de6cb2310b29985b84428828a8d2aebb4bd76c23395fc7fefec49.exe
Resource: win7-20240220-en
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
install_dir: b9695770f1
install_file: Dctooux.exe
strings_key: 1d3a0f2941c4060dba7f23a378474944
url_paths: /forum/index.php
Targets
Target: 827052af840de6cb2310b29985b84428828a8d2aebb4bd76c23395fc7fefec49
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL