General

  • Target

    2a3ba2217f8003eb20838f59e5312aea6cb3d520b65e29e36b27f6a19b438850

  • Size

    465KB

  • Sample

    240616-t2vj3szenf

  • MD5

    422e0b8f29c28f52836d6c6d73c97066

  • SHA1

    3c5a4300122ebb40e3f9de2a393dbdbb3238956b

  • SHA256

    2a3ba2217f8003eb20838f59e5312aea6cb3d520b65e29e36b27f6a19b438850

  • SHA512

    7083ecdb9537e1c5d8838b9047bebdbc69390329583f99492db949089a320114fc25b48ee77e474ecf7fbbd4613940949c0092d14fd829368a07c7a968700aa2

  • SSDEEP

    6144:hWw6nJViV/qYkHOXPbTSXuSNGevcsScJYL3FAavvK41T3Ge/WIOubT2:YfJViV+APK0evlScJYL3FAavvlN1W/8

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain
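As an added worked example (not part of the sandbox report), the script below applies the extracted config above: it uses strings_key as an RC4 key to decode hex-encoded string blobs, which is the usual Amadey string layout and is an assumption here (as is treating the key as its ASCII bytes), and it matches the C2 host and url_paths against proxy-log lines. The log format, the beacon form fields vs= and sd=, and the sample blobs and log lines are all constructed for the demo, not taken from the report.

```python
"""Added example: operationalising the extracted Amadey config above.
Config values are copied from the report; strings, logs and field names are constructed."""
import re
from typing import Optional
from urllib.parse import urlparse

# Values taken from the extracted config on this page.
STRINGS_KEY = "1d3a0f2941c4060dba7f23a378474944"
C2 = "http://check-ftp.ru"
URL_PATHS = ["/forum/index.php"]
BOTNET_ID = "9a3efc"
VERSION = "4.21"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). RC4 is symmetric: one call both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_string(hex_blob: str, key: str = STRINGS_KEY) -> str:
    """Decrypt one hex-encoded RC4 blob with the strings key.
    Assumption: blobs are hex-over-RC4 and the key is used as its ASCII bytes."""
    return rc4(key.encode(), bytes.fromhex(hex_blob)).decode("utf-8", errors="replace")


def encrypt_string(plain: str, key: str = STRINGS_KEY) -> str:
    """Inverse of decrypt_string; used here only to construct demo blobs."""
    return rc4(key.encode(), plain.encode()).hex()


# Constructed proxy log format: "<ts> <client> <method> <url> <status> [body=<form>]"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)\s+(\d{3})(?:\s+body=(\S+))?$")


def match_c2(line: str) -> Optional[dict]:
    """Return a hit dict when a log line reaches the report's C2 host on one of its url_paths."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, client, method, url, status, body = m.groups()
    u = urlparse(url)
    # Compare hostnames so a non-default port still matches.
    if u.hostname != urlparse(C2).hostname or u.path not in URL_PATHS:
        return None
    hit = {"ts": ts, "client": client, "method": method, "path": u.path}
    # Assumption (not from the report): a POST form carrying vs= (version) and sd= (botnet id).
    # When present they confirm the campaign; absence does not clear the hit.
    if body:
        fields = dict(kv.split("=", 1) for kv in body.split("&") if "=" in kv)
        hit["version_match"] = fields.get("vs") == VERSION
        hit["botnet_match"] = fields.get("sd") == BOTNET_ID
    return hit


SAMPLE_LOGS = [  # constructed, not real traffic
    "2024-06-16T20:41:03Z 10.0.0.23 GET http://update.example.com/manifest.json 200",
    "2024-06-16T20:41:07Z 10.0.0.23 POST http://check-ftp.ru/forum/index.php 200 body=id=1&vs=4.21&sd=9a3efc&os=10",
    "2024-06-16T20:41:09Z 10.0.0.23 GET http://check-ftp.ru/robots.txt 404",
    "2024-06-16T20:41:11Z 10.0.0.23 GET http://check-ftp.ru:8080/forum/index.php 200",
]


def scan_logs(lines=SAMPLE_LOGS) -> list:
    """Run match_c2 over every line and keep the hits."""
    return [h for h in (match_c2(line) for line in lines) if h]


if __name__ == "__main__":
    blob = encrypt_string("/forum/index.php")
    print("encrypted:", blob, "-> decrypted:", decrypt_string(blob))
    for hit in scan_logs():
        print("C2 hit:", hit)
```

The matcher keys on hostname plus path rather than the full URL so that scheme or port changes do not defeat it; the optional vs=/sd= check only adds confidence and never suppresses a hit on the C2 path itself.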

Targets

    • Amadey

      Amadey is a lightweight bot and loader: it collects basic host reconnaissance, reports it to its C2, and can fetch and run additional payloads.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

      Runs a file it wrote to disk, consistent with the configured install_file Dctooux.exe under install_dir b9695770f1.

MITRE ATT&CK Enterprise v15

Tasks