General
-
Target
d714a2ea0b437ad3ddb4759188b73d8923feb35d997a5cadc108382a1b438df0
-
Size
392KB
-
Sample
240619-1wgjlaxhpr
-
MD5
187aabbcb4ca164f10f47ea6d9b1dec4
-
SHA1
4de7ed089147f8dca9e0ec9c39114167765a5a0c
-
SHA256
d714a2ea0b437ad3ddb4759188b73d8923feb35d997a5cadc108382a1b438df0
-
SHA512
8a9033717f6375fb53e2460d516ee74acdaed6039b05306d011c23d0fe837ffa48c2835d6e87bea237fc7920b126c495f40525104ed51c28b9d508586250dd18
-
SSDEEP
6144:G4IXFkvOBWPO7U4tOKeRdn1rD02TL7lc2Sov08cH:GRFkvOBWPhbvrosRc2SocHH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
d714a2ea0b437ad3ddb4759188b73d8923feb35d997a5cadc108382a1b438df0
-
Size
392KB
-
MD5
187aabbcb4ca164f10f47ea6d9b1dec4
-
SHA1
4de7ed089147f8dca9e0ec9c39114167765a5a0c
-
SHA256
d714a2ea0b437ad3ddb4759188b73d8923feb35d997a5cadc108382a1b438df0
-
SHA512
8a9033717f6375fb53e2460d516ee74acdaed6039b05306d011c23d0fe837ffa48c2835d6e87bea237fc7920b126c495f40525104ed51c28b9d508586250dd18
-
SSDEEP
6144:G4IXFkvOBWPO7U4tOKeRdn1rD02TL7lc2Sov08cH:GRFkvOBWPhbvrosRc2SocHH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-