General
-
Target
a0996391b01a5cdb042a2602e35eb0c3ec093abc8cec51893525c79b8b734c33
-
Size
407KB
-
Sample
240620-az8jdayhnd
-
MD5
291b2863242aea4d35e30c242219ec70
-
SHA1
afd9d274ee71ac66ef64ab93b8e962ab7ccd2ce9
-
SHA256
a0996391b01a5cdb042a2602e35eb0c3ec093abc8cec51893525c79b8b734c33
-
SHA512
a088be27b7313c1a304fb1b74fdb0479a2026ecf8ddc872849c4843bcafb57651e7a13a184ad69908b2df2d7c09564c7c2d287c3e5c772d478cf81efd8576b58
-
SSDEEP
6144:j9hwWcYxK9lff/5UUY+Z2FUL1+Sqqd9wDFCwF3+RRTncH:jn0YU9lffRHDkFULgSjaFCwF7H
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
a0996391b01a5cdb042a2602e35eb0c3ec093abc8cec51893525c79b8b734c33
-
Size
407KB
-
MD5
291b2863242aea4d35e30c242219ec70
-
SHA1
afd9d274ee71ac66ef64ab93b8e962ab7ccd2ce9
-
SHA256
a0996391b01a5cdb042a2602e35eb0c3ec093abc8cec51893525c79b8b734c33
-
SHA512
a088be27b7313c1a304fb1b74fdb0479a2026ecf8ddc872849c4843bcafb57651e7a13a184ad69908b2df2d7c09564c7c2d287c3e5c772d478cf81efd8576b58
-
SSDEEP
6144:j9hwWcYxK9lff/5UUY+Z2FUL1+Sqqd9wDFCwF3+RRTncH:jn0YU9lffRHDkFULgSjaFCwF7H
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-