General
-
Target
8d664f5918bc5384cf317923240adce28b45a5a53408661d482fb594131d768d
-
Size
413KB
-
Sample
240619-yb7tyashjj
-
MD5
feb46a1fdf3196a940456c276c7af130
-
SHA1
a597c0aaf010fbe524efedad67008baa8702e633
-
SHA256
8d664f5918bc5384cf317923240adce28b45a5a53408661d482fb594131d768d
-
SHA512
f4e2c047eeda86a262dcb09a11031f6425b7f1a9bd662e68449d18e452bdcd121f3c80415d31f3a387d7bdee3ed47063525676eb6f68b31f7b301d7e7fed5fd1
-
SSDEEP
6144:72SbPYgTog0DvXJU0F+pnse9O7jFlxL+D0/Zl+8PGdcH:7XPYgTog0DPJlsnFOhumZlNPrH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
8d664f5918bc5384cf317923240adce28b45a5a53408661d482fb594131d768d
-
Size
413KB
-
MD5
feb46a1fdf3196a940456c276c7af130
-
SHA1
a597c0aaf010fbe524efedad67008baa8702e633
-
SHA256
8d664f5918bc5384cf317923240adce28b45a5a53408661d482fb594131d768d
-
SHA512
f4e2c047eeda86a262dcb09a11031f6425b7f1a9bd662e68449d18e452bdcd121f3c80415d31f3a387d7bdee3ed47063525676eb6f68b31f7b301d7e7fed5fd1
-
SSDEEP
6144:72SbPYgTog0DvXJU0F+pnse9O7jFlxL+D0/Zl+8PGdcH:7XPYgTog0DPJlsnFOhumZlNPrH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-