General
-
Target
b4340ee05dec81bf1563752a2191c92257240b2e18aa4b3510cfde597daa9945
-
Size
413KB
-
Sample
240619-y32r1azdkf
-
MD5
95ab6d3fadcb810e221da5ab76e36879
-
SHA1
3cb431205302119b5d7a256eb56068d335f20484
-
SHA256
b4340ee05dec81bf1563752a2191c92257240b2e18aa4b3510cfde597daa9945
-
SHA512
1c33d98c96e524e7c3b824814087a5595187f49e222cce1edbb72457ad0b9864de27f3a3971ddde11077bf874353178506a7c5755e33c828fb735a0d882500f0
-
SSDEEP
12288:aXPYg28gGzdBR3NIYB0G3cUcBOP7iuX1zlXwH:EzTt935ck/Fzlq
Static task
static1
Behavioral task
behavioral1
Sample
b4340ee05dec81bf1563752a2191c92257240b2e18aa4b3510cfde597daa9945.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
b4340ee05dec81bf1563752a2191c92257240b2e18aa4b3510cfde597daa9945
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-