General
-
Target
3381921176187b224484edc367e78f4fbd327ed8dc134fd8f7d1718020236c28
-
Size
482KB
-
Sample
240620-3sxshsxbkm
-
MD5
96f6d7d5ee0ed148cd63fa8c578ea651
-
SHA1
fc1700585f68908e5b0c32ed89400d3930adb016
-
SHA256
3381921176187b224484edc367e78f4fbd327ed8dc134fd8f7d1718020236c28
-
SHA512
4ef7ba575f96942b96582aacd74a85a22a75f2ea8b5a7524c6d251adc971d857944a31d5a740dec224076dfdb6e5be420a31be779f661877ce643cc7294cf30b
-
SSDEEP
6144:UihLswYjv/fQ86wIacRhHYLK7P2A1++G7GFMJRa3rdG3RhEg1gFPg2X:TYljv/fQ7wIacRhdCA1++GZ+b4
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
3381921176187b224484edc367e78f4fbd327ed8dc134fd8f7d1718020236c28
-
Size
482KB
-
MD5
96f6d7d5ee0ed148cd63fa8c578ea651
-
SHA1
fc1700585f68908e5b0c32ed89400d3930adb016
-
SHA256
3381921176187b224484edc367e78f4fbd327ed8dc134fd8f7d1718020236c28
-
SHA512
4ef7ba575f96942b96582aacd74a85a22a75f2ea8b5a7524c6d251adc971d857944a31d5a740dec224076dfdb6e5be420a31be779f661877ce643cc7294cf30b
-
SSDEEP
6144:UihLswYjv/fQ86wIacRhHYLK7P2A1++G7GFMJRa3rdG3RhEg1gFPg2X:TYljv/fQ7wIacRhdCA1++GZ+b4
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-