General
-
Target
e9d733275a362c8962309d2a2f602561bd7e93180a234c54900aea71f9cc9793
-
Size
486KB
-
Sample
240619-amlh3szdpf
-
MD5
3c78ba82cceb98a3e01f012d537a639c
-
SHA1
5f28d0068e8efe10336df01c5f90f4cc9cd3ac2a
-
SHA256
e9d733275a362c8962309d2a2f602561bd7e93180a234c54900aea71f9cc9793
-
SHA512
7e128bd759f146903c30a0ddee5a02a2a373d0af5ef524037ac88f685cfc640df5a573070e18d66be090c8de4e1ffee7ad0ace6eeb0064ef04c3f740017eb5c8
-
SSDEEP
6144:OLNRykr738hmOlT808NQLTo2zeW+dChBSN2FlMwOKWo2:Omk/2S08NQA3pOlMwpWo
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
e9d733275a362c8962309d2a2f602561bd7e93180a234c54900aea71f9cc9793
-
Size
486KB
-
MD5
3c78ba82cceb98a3e01f012d537a639c
-
SHA1
5f28d0068e8efe10336df01c5f90f4cc9cd3ac2a
-
SHA256
e9d733275a362c8962309d2a2f602561bd7e93180a234c54900aea71f9cc9793
-
SHA512
7e128bd759f146903c30a0ddee5a02a2a373d0af5ef524037ac88f685cfc640df5a573070e18d66be090c8de4e1ffee7ad0ace6eeb0064ef04c3f740017eb5c8
-
SSDEEP
6144:OLNRykr738hmOlT808NQLTo2zeW+dChBSN2FlMwOKWo2:Omk/2S08NQA3pOlMwpWo
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-