General
-
Target
af540e751a84fc8695531a1519c9472025ffda94d491b7a3d9be3927e0079051
-
Size
425KB
-
Sample
240619-szhbassfrg
-
MD5
aed08386ec5ca24caee809144ab8032d
-
SHA1
a7665fd400ed96fa6cda6af5e55d7bd3ec597c1a
-
SHA256
af540e751a84fc8695531a1519c9472025ffda94d491b7a3d9be3927e0079051
-
SHA512
774a07e3eb79e384def3ee144295a0144d2d1c04fc67e42c9f084f05f5e33f1e59a407cb4b0bf9ae26c543a1219e5dfcfb044978bbdb376cbde22060954aff77
-
SSDEEP
6144:INXPw3rdjoy/VKKTISiCcvhGpOYgEqpxhcKFLg12IIYZYCiFES4qrcH:IlPw3rd0wkC+kixhcKF012ISFFpPwH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
af540e751a84fc8695531a1519c9472025ffda94d491b7a3d9be3927e0079051
-
Size
425KB
-
MD5
aed08386ec5ca24caee809144ab8032d
-
SHA1
a7665fd400ed96fa6cda6af5e55d7bd3ec597c1a
-
SHA256
af540e751a84fc8695531a1519c9472025ffda94d491b7a3d9be3927e0079051
-
SHA512
774a07e3eb79e384def3ee144295a0144d2d1c04fc67e42c9f084f05f5e33f1e59a407cb4b0bf9ae26c543a1219e5dfcfb044978bbdb376cbde22060954aff77
-
SSDEEP
6144:INXPw3rdjoy/VKKTISiCcvhGpOYgEqpxhcKFLg12IIYZYCiFES4qrcH:IlPw3rd0wkC+kixhcKF012ISFFpPwH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-