General
-
Target
055b390d9782b0cc42f1b71519de2f0bec85b7b9ab3b44134d3481695168819f
-
Size
392KB
-
Sample
240619-y5ncdszejc
-
MD5
ed63e01ede2b40362e8f7d69bc712e2f
-
SHA1
6d5742d8a195a8cf9130aecfda9fa4795cbeab5c
-
SHA256
055b390d9782b0cc42f1b71519de2f0bec85b7b9ab3b44134d3481695168819f
-
SHA512
f9b6d30b08f1dad3e09b20e2d0ef825dd4308f6031d24f7c2f66f6f441e0e63ffcb2192928b0cb9dbf342c4a3d8b91fbbefbea025edc61ea66f05d2d898b8317
-
SSDEEP
6144:k4IXFkLdXLvVJ/on6JDstW5+45UWK+zvEWYZ2VLO8SfBErfgKVMiaPuATBg6MecH:kRFkxXLJAS1K+QWnV6vmrfDkuMg6WH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
055b390d9782b0cc42f1b71519de2f0bec85b7b9ab3b44134d3481695168819f
-
Size
392KB
-
MD5
ed63e01ede2b40362e8f7d69bc712e2f
-
SHA1
6d5742d8a195a8cf9130aecfda9fa4795cbeab5c
-
SHA256
055b390d9782b0cc42f1b71519de2f0bec85b7b9ab3b44134d3481695168819f
-
SHA512
f9b6d30b08f1dad3e09b20e2d0ef825dd4308f6031d24f7c2f66f6f441e0e63ffcb2192928b0cb9dbf342c4a3d8b91fbbefbea025edc61ea66f05d2d898b8317
-
SSDEEP
6144:k4IXFkLdXLvVJ/on6JDstW5+45UWK+zvEWYZ2VLO8SfBErfgKVMiaPuATBg6MecH:kRFkxXLJAS1K+QWnV6vmrfDkuMg6WH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-