General
-
Target
ef24caa3d39e2f9069d8355215369348391f6b218f9adfc729021175bcaf19dc
-
Size
407KB
-
Sample
240620-fcbtsazaqa
-
MD5
ad1059546b98d818e250531daf6c15e7
-
SHA1
2dcecc922b06f107048300668e7965bc1a2a8ae7
-
SHA256
ef24caa3d39e2f9069d8355215369348391f6b218f9adfc729021175bcaf19dc
-
SHA512
ac4ebec738ce41ba5ee97f09fff90ca010a22e10ea9b7033ebcd43b87f676ca9a5dfcc7ab66ec2d2801ab56b1871930549db96d6b48b761fb90b7d46e481d6e1
-
SSDEEP
6144:Z1hw7FYbQJnQ6qBDXwIlwS77Zde1wQd90XbOLTlTE058MTpF0hVcH:ZPsY0nyXw5SXZq9kbmEIT2yH
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
ef24caa3d39e2f9069d8355215369348391f6b218f9adfc729021175bcaf19dc
-
Size
407KB
-
MD5
ad1059546b98d818e250531daf6c15e7
-
SHA1
2dcecc922b06f107048300668e7965bc1a2a8ae7
-
SHA256
ef24caa3d39e2f9069d8355215369348391f6b218f9adfc729021175bcaf19dc
-
SHA512
ac4ebec738ce41ba5ee97f09fff90ca010a22e10ea9b7033ebcd43b87f676ca9a5dfcc7ab66ec2d2801ab56b1871930549db96d6b48b761fb90b7d46e481d6e1
-
SSDEEP
6144:Z1hw7FYbQJnQ6qBDXwIlwS77Zde1wQd90XbOLTlTE058MTpF0hVcH:ZPsY0nyXw5SXZq9kbmEIT2yH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-