General
-
Target
0cd3680d33ba4b97dc4966483187e70f6cb310052bee318a04cd40d9ba969053
-
Size
393KB
-
Sample
240619-3selyaxdmc
-
MD5
15fe2f0f485f3fd3324d0a46970c2f75
-
SHA1
2be21ce37e7da24f65278f4239c3e2e3703380ef
-
SHA256
0cd3680d33ba4b97dc4966483187e70f6cb310052bee318a04cd40d9ba969053
-
SHA512
d727eab5f0ce87a851a5a49ce8fb045fa3d9a41ffc9779b8484c97a0ecc1bf54d88b38e8ad610b8392fa4a287ec70ef9a15696ed28af3b4054a89eeba29a3853
-
SSDEEP
6144:t7IXFk+bAgHkED1sD6ZTRjQ/IioBnNdOd1Aq4qpSGgR8NWcH:t0FkGAgHVfS9oBnNSCxnCH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
0cd3680d33ba4b97dc4966483187e70f6cb310052bee318a04cd40d9ba969053
-
Size
393KB
-
MD5
15fe2f0f485f3fd3324d0a46970c2f75
-
SHA1
2be21ce37e7da24f65278f4239c3e2e3703380ef
-
SHA256
0cd3680d33ba4b97dc4966483187e70f6cb310052bee318a04cd40d9ba969053
-
SHA512
d727eab5f0ce87a851a5a49ce8fb045fa3d9a41ffc9779b8484c97a0ecc1bf54d88b38e8ad610b8392fa4a287ec70ef9a15696ed28af3b4054a89eeba29a3853
-
SSDEEP
6144:t7IXFk+bAgHkED1sD6ZTRjQ/IioBnNdOd1Aq4qpSGgR8NWcH:t0FkGAgHVfS9oBnNSCxnCH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-