General
-
Target
10b410929747d5a17255f0664b7a843da181ac7740ef87bac0500fdf2bc74688
-
Size
422KB
-
Sample
240619-ldppxsxglh
-
MD5
c00760332fc7151bca1b594b9de2ee4a
-
SHA1
5b5eea5808e0495c55396e47fa69a26ac3e76101
-
SHA256
10b410929747d5a17255f0664b7a843da181ac7740ef87bac0500fdf2bc74688
-
SHA512
e4b0f341604e437a9205d7266d5baa4f494a062c9f96adebb0d87008516a2c4c5dcec00cfbab50c02584666f8d963e8edaf1a9d21b1430abe48a8faa8af944a6
-
SSDEEP
6144:NL3rp2pGocB4H8piSgGQAV3nY16FKfxqugUJJDEfIvTpJJxjrtfu14yWcH:NHp2ko1GQa3nsyKfxqeiYJJ9pyHJH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
10b410929747d5a17255f0664b7a843da181ac7740ef87bac0500fdf2bc74688
-
Size
422KB
-
MD5
c00760332fc7151bca1b594b9de2ee4a
-
SHA1
5b5eea5808e0495c55396e47fa69a26ac3e76101
-
SHA256
10b410929747d5a17255f0664b7a843da181ac7740ef87bac0500fdf2bc74688
-
SHA512
e4b0f341604e437a9205d7266d5baa4f494a062c9f96adebb0d87008516a2c4c5dcec00cfbab50c02584666f8d963e8edaf1a9d21b1430abe48a8faa8af944a6
-
SSDEEP
6144:NL3rp2pGocB4H8piSgGQAV3nY16FKfxqugUJJDEfIvTpJJxjrtfu14yWcH:NHp2ko1GQa3nsyKfxqeiYJJ9pyHJH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-