General
-
Target
4122bda2bff849b89259410bd1b4dd4849458035cb41a5206ba3d8ba065b6842
-
Size
455KB
-
Sample
240616-bdcegswflj
-
MD5
1f1403ec9b3f22e74f103ba830d057b9
-
SHA1
3e0eda6ac7523009dcff1b39b8b95f07d906d5eb
-
SHA256
4122bda2bff849b89259410bd1b4dd4849458035cb41a5206ba3d8ba065b6842
-
SHA512
a00b53a51924b0d35246e1b4db5af7b49b74e25cbb064406acdbbf95d1f0a827038303780b2669d72e7fd1e087193cd20c6f9cb0ad47f8c609f1dbb45724aabc
-
SSDEEP
6144:/O/odTI5BVutOpVLMbkI+iHBVI+hHRJVxEVzhbyzJjiCl6XRpagzWhkDCIOu4TL:2/mMFuOpV2kI+/wXsbbyzJjtoBpFG//
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
4122bda2bff849b89259410bd1b4dd4849458035cb41a5206ba3d8ba065b6842
-
Size
455KB
-
MD5
1f1403ec9b3f22e74f103ba830d057b9
-
SHA1
3e0eda6ac7523009dcff1b39b8b95f07d906d5eb
-
SHA256
4122bda2bff849b89259410bd1b4dd4849458035cb41a5206ba3d8ba065b6842
-
SHA512
a00b53a51924b0d35246e1b4db5af7b49b74e25cbb064406acdbbf95d1f0a827038303780b2669d72e7fd1e087193cd20c6f9cb0ad47f8c609f1dbb45724aabc
-
SSDEEP
6144:/O/odTI5BVutOpVLMbkI+iHBVI+hHRJVxEVzhbyzJjiCl6XRpagzWhkDCIOu4TL:2/mMFuOpV2kI+/wXsbbyzJjtoBpFG//
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-