General
-
Target
3833723de97caa93d9672b97264d799fd234aea63af6e4844d187d4a2e7afd9f
-
Size
486KB
-
Sample
240618-zd5b9szgpn
-
MD5
985f0c1eb940c70936bfcb357d9e1ae7
-
SHA1
c12e0682eadd458de74c6be0937a138188948632
-
SHA256
3833723de97caa93d9672b97264d799fd234aea63af6e4844d187d4a2e7afd9f
-
SHA512
13420c79c0234d03dc68efb2a36050f394632d57252e92c2e21996e230a5088266d68ef39877389560df7a52677f6ee12a3c3a5adee96cb548e2e717e8333988
-
SSDEEP
6144:6LURyX665L6faZgS51CjsAvkDH2HnvCkWMPP+hcK90lp9fb:6DXV5LLnQjsAvkT2HFPucKalp
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
3833723de97caa93d9672b97264d799fd234aea63af6e4844d187d4a2e7afd9f
-
Size
486KB
-
MD5
985f0c1eb940c70936bfcb357d9e1ae7
-
SHA1
c12e0682eadd458de74c6be0937a138188948632
-
SHA256
3833723de97caa93d9672b97264d799fd234aea63af6e4844d187d4a2e7afd9f
-
SHA512
13420c79c0234d03dc68efb2a36050f394632d57252e92c2e21996e230a5088266d68ef39877389560df7a52677f6ee12a3c3a5adee96cb548e2e717e8333988
-
SSDEEP
6144:6LURyX665L6faZgS51CjsAvkDH2HnvCkWMPP+hcK90lp9fb:6DXV5LLnQjsAvkT2HFPucKalp
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-