General
-
Target
5163dff5cb7c1e951265e724a1088f6767d4842dfa00134ca627722c2cb82695
-
Size
414KB
-
Sample
240619-tltylsxgqk
-
MD5
ed8f2aacd489761d8e8e4325aeae78a5
-
SHA1
57e6d6cff012add31fd2dacb0d2a090a943b1171
-
SHA256
5163dff5cb7c1e951265e724a1088f6767d4842dfa00134ca627722c2cb82695
-
SHA512
9ebf5d39605e7ecf1b1dbaa9545387efff57234dcb4d6ce79e95e7cbf2fe055d5e0d9e31c26b27c33e0eb88b3327a7c38c1f8d51e3fd442b2e4f8ef323f9ac0f
-
SSDEEP
6144:D2SbPYg28owbUh1ujE1rtDsyBJ+a5P+I+I+DCYlIkLavaTIcH:DXPYgXoAUuUrhxPD+BDCtuoaTzH
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
5163dff5cb7c1e951265e724a1088f6767d4842dfa00134ca627722c2cb82695
-
Size
414KB
-
MD5
ed8f2aacd489761d8e8e4325aeae78a5
-
SHA1
57e6d6cff012add31fd2dacb0d2a090a943b1171
-
SHA256
5163dff5cb7c1e951265e724a1088f6767d4842dfa00134ca627722c2cb82695
-
SHA512
9ebf5d39605e7ecf1b1dbaa9545387efff57234dcb4d6ce79e95e7cbf2fe055d5e0d9e31c26b27c33e0eb88b3327a7c38c1f8d51e3fd442b2e4f8ef323f9ac0f
-
SSDEEP
6144:D2SbPYg28owbUh1ujE1rtDsyBJ+a5P+I+I+DCYlIkLavaTIcH:DXPYgXoAUuUrhxPD+BDCtuoaTzH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-