General
-
Target
97e7d7f8bb1d6ca1132c4e5c3f6f178a10c77c30f03c56773a062fb5fc266b06
-
Size
486KB
-
Sample
240620-kh8g6aselj
-
MD5
64d4f83323d2a7e3b838e3ccb3f756ac
-
SHA1
277652c5492c396e8ee93f88de21aa018bf67420
-
SHA256
97e7d7f8bb1d6ca1132c4e5c3f6f178a10c77c30f03c56773a062fb5fc266b06
-
SHA512
291892121476036fdc6cc75c3bd4fe0e5145fc242bd1b43cb4c9b9822c878945341e9aebb91b263e372bb5ff7c0400e2db07cec56fd9504dee1e81971d5d122e
-
SSDEEP
6144:REULSLEMJvNmnV70/uUpDaIrKhNcIU3sxIkNbi1N9I47fQoQf:rmLEMJ1CVUPMcIAqi1N9I
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
97e7d7f8bb1d6ca1132c4e5c3f6f178a10c77c30f03c56773a062fb5fc266b06
-
Size
486KB
-
MD5
64d4f83323d2a7e3b838e3ccb3f756ac
-
SHA1
277652c5492c396e8ee93f88de21aa018bf67420
-
SHA256
97e7d7f8bb1d6ca1132c4e5c3f6f178a10c77c30f03c56773a062fb5fc266b06
-
SHA512
291892121476036fdc6cc75c3bd4fe0e5145fc242bd1b43cb4c9b9822c878945341e9aebb91b263e372bb5ff7c0400e2db07cec56fd9504dee1e81971d5d122e
-
SSDEEP
6144:REULSLEMJvNmnV70/uUpDaIrKhNcIU3sxIkNbi1N9I47fQoQf:rmLEMJ1CVUPMcIAqi1N9I
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-