General
-
Target
aba598703253e8427674d62491c856f293e6523a0db78d7f274fdad4929b34df
-
Size
487KB
-
Sample
240620-1hwflayand
-
MD5
2683cfdc5d82175d3b252b6fdb855fa1
-
SHA1
b9bbb45417f244711cd5be9647e5ff9def3af245
-
SHA256
aba598703253e8427674d62491c856f293e6523a0db78d7f274fdad4929b34df
-
SHA512
8aa266b5e5e99a4b3a4c826597880e71a59ff6e139e04def1a78d864dbd37c12dfbb0c83645ce1af763e57aede4f2e249e511215555e87e976d2e521085e09c5
-
SSDEEP
6144:9eLUA/cvtLsEl9UO/P9Xb4SUvvMnbH2DLAujVV14GgU1eFBZ:soOcvtLjlhKSYEbcAuXQue
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
aba598703253e8427674d62491c856f293e6523a0db78d7f274fdad4929b34df
-
Size
487KB
-
MD5
2683cfdc5d82175d3b252b6fdb855fa1
-
SHA1
b9bbb45417f244711cd5be9647e5ff9def3af245
-
SHA256
aba598703253e8427674d62491c856f293e6523a0db78d7f274fdad4929b34df
-
SHA512
8aa266b5e5e99a4b3a4c826597880e71a59ff6e139e04def1a78d864dbd37c12dfbb0c83645ce1af763e57aede4f2e249e511215555e87e976d2e521085e09c5
-
SSDEEP
6144:9eLUA/cvtLsEl9UO/P9Xb4SUvvMnbH2DLAujVV14GgU1eFBZ:soOcvtLjlhKSYEbcAuXQue
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-