General
-
Target
b53baa34326bd3039109fe90b74b16821a516846c0548803912c7b72a977da90
-
Size
425KB
-
Sample
240619-l7qt3syckh
-
MD5
f127a23d9bef921f09b386d53e949389
-
SHA1
3219a8342196e7eeb5c0a798a46288f76ebd83be
-
SHA256
b53baa34326bd3039109fe90b74b16821a516846c0548803912c7b72a977da90
-
SHA512
9083a3c713ae5b535bd60d3e922218eb106d78ac773e1c2e0c8d297992710b7e9e0daff7bf22b83b1ab2a52e462d0c0561a3d279ffaeff4a70f3d96cefc5be61
-
SSDEEP
6144:Gk3PAXOXibRJX8gzD8iV49qaXbPn5fx7bVx71vCdzhiv4SA4N8wcH:GGPAXO3g35VarX7bV70hHi87H
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
b53baa34326bd3039109fe90b74b16821a516846c0548803912c7b72a977da90
-
Size
425KB
-
MD5
f127a23d9bef921f09b386d53e949389
-
SHA1
3219a8342196e7eeb5c0a798a46288f76ebd83be
-
SHA256
b53baa34326bd3039109fe90b74b16821a516846c0548803912c7b72a977da90
-
SHA512
9083a3c713ae5b535bd60d3e922218eb106d78ac773e1c2e0c8d297992710b7e9e0daff7bf22b83b1ab2a52e462d0c0561a3d279ffaeff4a70f3d96cefc5be61
-
SSDEEP
6144:Gk3PAXOXibRJX8gzD8iV49qaXbPn5fx7bVx71vCdzhiv4SA4N8wcH:GGPAXO3g35VarX7bV70hHi87H
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-