General
-
Target
e71406c0c2b813a55ec12d1f91bfa3a68d20003f82b5180742d5584fdf5c8408
-
Size
421KB
-
Sample
240619-lssecsyamc
-
MD5
a697d145e3d3eec4667492f4924733d3
-
SHA1
b64d35875bfa9ca4b26b52eb34efd03b9516f152
-
SHA256
e71406c0c2b813a55ec12d1f91bfa3a68d20003f82b5180742d5584fdf5c8408
-
SHA512
ea6798cff47f9a677b9993dc62435f44fe2c79d0b8982a5d96adc925b520a8ca1995e07e87719757449ba45abbc50c1b3f0ac756cc38766711888dfe235f8dca
-
SSDEEP
6144:+L3rp2ZaUFYMUmt3riBFSNc07jkU+JGrXhXsWPSUIF44W0cH:+Hp2xYb8PwU7psibn/H
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
e71406c0c2b813a55ec12d1f91bfa3a68d20003f82b5180742d5584fdf5c8408
-
Size
421KB
-
MD5
a697d145e3d3eec4667492f4924733d3
-
SHA1
b64d35875bfa9ca4b26b52eb34efd03b9516f152
-
SHA256
e71406c0c2b813a55ec12d1f91bfa3a68d20003f82b5180742d5584fdf5c8408
-
SHA512
ea6798cff47f9a677b9993dc62435f44fe2c79d0b8982a5d96adc925b520a8ca1995e07e87719757449ba45abbc50c1b3f0ac756cc38766711888dfe235f8dca
-
SSDEEP
6144:+L3rp2ZaUFYMUmt3riBFSNc07jkU+JGrXhXsWPSUIF44W0cH:+Hp2xYb8PwU7psibn/H
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-