General
-
Target
7b4dc90b59760320253596a753556de932a32fd1967726b7321a0095760f7bcf
-
Size
388KB
-
Sample
240606-z1p6vsca7y
-
MD5
b301aadbc50a1ab085f8ef2268aed5e2
-
SHA1
435d32f0176818fc8bdcced29b58e359894b7f27
-
SHA256
7b4dc90b59760320253596a753556de932a32fd1967726b7321a0095760f7bcf
-
SHA512
698c8ca820f1e973d3671243eee4aeaec93a52711577ec885be89018cefdb3fed992995c210c9e78b06ef2b134fa60cc8406e87862357613282102bf76cb299d
-
SSDEEP
6144:2hDiUM0J5LbLZ3olszp7YYcdbqtvN+x/r7nGriENsfVuT:YM0J9LZ3ols9YYcdbqtvN0/XnGrjsE
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
7b4dc90b59760320253596a753556de932a32fd1967726b7321a0095760f7bcf
-
Size
388KB
-
MD5
b301aadbc50a1ab085f8ef2268aed5e2
-
SHA1
435d32f0176818fc8bdcced29b58e359894b7f27
-
SHA256
7b4dc90b59760320253596a753556de932a32fd1967726b7321a0095760f7bcf
-
SHA512
698c8ca820f1e973d3671243eee4aeaec93a52711577ec885be89018cefdb3fed992995c210c9e78b06ef2b134fa60cc8406e87862357613282102bf76cb299d
-
SSDEEP
6144:2hDiUM0J5LbLZ3olszp7YYcdbqtvN+x/r7nGriENsfVuT:YM0J9LZ3ols9YYcdbqtvN0/XnGrjsE
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-