General

  • Target

    d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6

  • Size

    425KB

  • Sample

    240619-s6wghaxerm

  • MD5

    dab0e54f314a3d7fd74192640bbf7aa7

  • SHA1

    a1fa984f761b8573d30840fefa6d54b56794ccf0

  • SHA256

    d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6

  • SHA512

    f15658142e70f187f1f8c3aa4f70b5acca7780138b9f08178f2e299fe73a69888dbf9c45dfc5fd3bf1ee99dc4032827799428b478cc53c2c3c19cfd9797c267f

  • SSDEEP

    6144:Wu3PA3wfnU3pQFcMOqVrL47Zku3etOFqVNLWylPAIxmENX7KJoJ52O43bcH:WYPA3aUSFcMOqQfOEFqVHCHyNOAH

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Target

      d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6

    • Size

      425KB

    • MD5

      dab0e54f314a3d7fd74192640bbf7aa7

    • SHA1

      a1fa984f761b8573d30840fefa6d54b56794ccf0

    • SHA256

      d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6

    • SHA512

      f15658142e70f187f1f8c3aa4f70b5acca7780138b9f08178f2e299fe73a69888dbf9c45dfc5fd3bf1ee99dc4032827799428b478cc53c2c3c19cfd9797c267f

    • SSDEEP

      6144:Wu3PA3wfnU3pQFcMOqVrL47Zku3etOFqVNLWylPAIxmENX7KJoJ52O43bcH:WYPA3aUSFcMOqQfOEFqVHCHyNOAH

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks