General
-
Target
d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6
-
Size
425KB
-
Sample
240619-s6wghaxerm
-
MD5
dab0e54f314a3d7fd74192640bbf7aa7
-
SHA1
a1fa984f761b8573d30840fefa6d54b56794ccf0
-
SHA256
d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6
-
SHA512
f15658142e70f187f1f8c3aa4f70b5acca7780138b9f08178f2e299fe73a69888dbf9c45dfc5fd3bf1ee99dc4032827799428b478cc53c2c3c19cfd9797c267f
-
SSDEEP
6144:Wu3PA3wfnU3pQFcMOqVrL47Zku3etOFqVNLWylPAIxmENX7KJoJ52O43bcH:WYPA3aUSFcMOqQfOEFqVHCHyNOAH
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6
-
Size
425KB
-
MD5
dab0e54f314a3d7fd74192640bbf7aa7
-
SHA1
a1fa984f761b8573d30840fefa6d54b56794ccf0
-
SHA256
d5556a80a43a627190832e8d857257f254a61f2a29c121a4f941dbcf070f85c6
-
SHA512
f15658142e70f187f1f8c3aa4f70b5acca7780138b9f08178f2e299fe73a69888dbf9c45dfc5fd3bf1ee99dc4032827799428b478cc53c2c3c19cfd9797c267f
-
SSDEEP
6144:Wu3PA3wfnU3pQFcMOqVrL47Zku3etOFqVNLWylPAIxmENX7KJoJ52O43bcH:WYPA3aUSFcMOqQfOEFqVHCHyNOAH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-