General

  • Target

    0433532a3e70d641865b749221aeb9e759a89a40efcf2c56efa4ed169511a6a7

  • Size

    426KB

  • Sample

    240619-p1m2dsvflp

  • MD5

    e6fc28553e094884912bae4a2c2b3b9c

  • SHA1

    cde0267165251594e62d474d1c80841733b19875

  • SHA256

    0433532a3e70d641865b749221aeb9e759a89a40efcf2c56efa4ed169511a6a7

  • SHA512

    ca02ba43c31ef94035d26d6e8e92707608dcd7ec667fcf97ca391128084de90000c76eaa2075caaa93f98a135aadaeffce331d1eb0bea5343e83385022cbd162

  • SSDEEP

    6144:2k3PAXH+GEMdFSAnucg0Nc6EEXsYtIyueHU8XOkV9W5I6Y0W4IjcH:2GPAXuoL7IsU+tVgTeBIH

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

b2c2c1

C2

http://greendag.ru

Attributes
  • install_dir

    e221f72865

  • install_file

    Dctooux.exe

  • strings_key

    09a7af7983af08af50ea3f51a73065e9

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Target

      0433532a3e70d641865b749221aeb9e759a89a40efcf2c56efa4ed169511a6a7

    • Size

      426KB

    • MD5

      e6fc28553e094884912bae4a2c2b3b9c

    • SHA1

      cde0267165251594e62d474d1c80841733b19875

    • SHA256

      0433532a3e70d641865b749221aeb9e759a89a40efcf2c56efa4ed169511a6a7

    • SHA512

      ca02ba43c31ef94035d26d6e8e92707608dcd7ec667fcf97ca391128084de90000c76eaa2075caaa93f98a135aadaeffce331d1eb0bea5343e83385022cbd162

    • SSDEEP

      6144:2k3PAXH+GEMdFSAnucg0Nc6EEXsYtIyueHU8XOkV9W5I6Y0W4IjcH:2GPAXuoL7IsU+tVgTeBIH

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks