General

  • Target

    aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e

  • Size

    393KB

  • Sample

    240619-2d36baygmq

  • MD5

    88775aa028352ba8742e0bbd0108c18b

  • SHA1

    1a17190d03408597ad1afc983434d4b76c2c9553

  • SHA256

    aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e

  • SHA512

    04dba4ea6914a22878924ea6dfe078d66b4e8ab029b7bdc95c86df465ecd0472c8bc0fcf7d0c340f8099f563aea220462fb116f69bc5ad90784a80c81cf5f554

  • SSDEEP

    6144:77IXFkhQM3grXae5cuMUIOgX4lHL8iBh+WF3CWwx2ibejev/ecH:70FkmM3+qqsUpxZBBFyTxxajeRH

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Target

      aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e

    • Size

      393KB

    • MD5

      88775aa028352ba8742e0bbd0108c18b

    • SHA1

      1a17190d03408597ad1afc983434d4b76c2c9553

    • SHA256

      aa8bceef77ec9986f48cb9afbe09862d625927d524f0a6085607f26b7bf9e08e

    • SHA512

      04dba4ea6914a22878924ea6dfe078d66b4e8ab029b7bdc95c86df465ecd0472c8bc0fcf7d0c340f8099f563aea220462fb116f69bc5ad90784a80c81cf5f554

    • SSDEEP

      6144:77IXFkhQM3grXae5cuMUIOgX4lHL8iBh+WF3CWwx2ibejev/ecH:70FkmM3+qqsUpxZBBFyTxxajeRH

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks