General
-
Target
73d24a6604782cffbb2b5b7109d552faab010ae434945c8923a9767d072ce177
-
Size
422KB
-
Sample
240619-ha3wlawanb
-
MD5
10345a9912b3ca22ec69ee6b5b761869
-
SHA1
fd73ecfbb11b50f36d199aad0fb80cac78bf283f
-
SHA256
73d24a6604782cffbb2b5b7109d552faab010ae434945c8923a9767d072ce177
-
SHA512
5404df59c6afe520eed045b03ca87d6909b6de0d184fc2af58a3f1ea7bbe67006d281167092c19e3e406c0ee410f9541d5a642df568aa61eda258882fed8b808
-
SSDEEP
6144:1L3rp2tcE9iU5Lae33s2O+NS3w4qXbHC769oGSUAWWmfDP7IVf/uZ4wIcH:1Hp2HiQLak3ZodOjy6CbrCkQdzH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
73d24a6604782cffbb2b5b7109d552faab010ae434945c8923a9767d072ce177
-
Size
422KB
-
MD5
10345a9912b3ca22ec69ee6b5b761869
-
SHA1
fd73ecfbb11b50f36d199aad0fb80cac78bf283f
-
SHA256
73d24a6604782cffbb2b5b7109d552faab010ae434945c8923a9767d072ce177
-
SHA512
5404df59c6afe520eed045b03ca87d6909b6de0d184fc2af58a3f1ea7bbe67006d281167092c19e3e406c0ee410f9541d5a642df568aa61eda258882fed8b808
-
SSDEEP
6144:1L3rp2tcE9iU5Lae33s2O+NS3w4qXbHC769oGSUAWWmfDP7IVf/uZ4wIcH:1Hp2HiQLak3ZodOjy6CbrCkQdzH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-