General
-
Target
aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e
-
Size
393KB
-
Sample
240619-2d36baygmq
-
MD5
88775aa028352ba8742e0bbd0108c18b
-
SHA1
1a17190d03408597ad1afc983434d4b76c2c9553
-
SHA256
aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e
-
SHA512
04dba4ea6914a22878924ea6dfe078d66b4e8ab029b7bdc95c86df465ecd0472c8bc0fcf7d0c340f8099f563aea220462fb116f69bc5ad90784a80c81cf5f554
-
SSDEEP
6144:77IXFkhQM3grXae5cuMUIOgX4lHL8iBh+WF3CWwx2ibejev/ecH:70FkmM3+qqsUpxZBBFyTxxajeRH
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e
-
Size
393KB
-
MD5
88775aa028352ba8742e0bbd0108c18b
-
SHA1
1a17190d03408597ad1afc983434d4b76c2c9553
-
SHA256
aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e
-
SHA512
04dba4ea6914a22878924ea6dfe078d66b4e8ab029b7bdc95c86df465ecd0472c8bc0fcf7d0c340f8099f563aea220462fb116f69bc5ad90784a80c81cf5f554
-
SSDEEP
6144:77IXFkhQM3grXae5cuMUIOgX4lHL8iBh+WF3CWwx2ibejev/ecH:70FkmM3+qqsUpxZBBFyTxxajeRH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-