General
-
Target
d2d022a3366c1ae252fcb146277ac60e373e0078b6550b91dcc9fbcc9a42cc77
-
Size
485KB
-
Sample
240620-m2g6estdnc
-
MD5
4c56662fa80c2e376642690efbe5db81
-
SHA1
1e99ecfdeb83a10ee51eb645961759f8c00b21c3
-
SHA256
d2d022a3366c1ae252fcb146277ac60e373e0078b6550b91dcc9fbcc9a42cc77
-
SHA512
f5851c76d6a5aaefe1ec4eec79604acd61c9ca3329ee4d0772fa0920f7811ba8d200b5cc445ede8610906ca79adaae46a832090ec7c6e537aa8cc3d56f7a8918
-
SSDEEP
6144:UQrLFSk5LJ47L+mRsp/jsRQWlrPNv0mnjdNhNQxVHNAhSRlhj0Lp:JJSk5L3mRimQWdPNv9nJrQNAjL
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
d2d022a3366c1ae252fcb146277ac60e373e0078b6550b91dcc9fbcc9a42cc77
-
Size
485KB
-
MD5
4c56662fa80c2e376642690efbe5db81
-
SHA1
1e99ecfdeb83a10ee51eb645961759f8c00b21c3
-
SHA256
d2d022a3366c1ae252fcb146277ac60e373e0078b6550b91dcc9fbcc9a42cc77
-
SHA512
f5851c76d6a5aaefe1ec4eec79604acd61c9ca3329ee4d0772fa0920f7811ba8d200b5cc445ede8610906ca79adaae46a832090ec7c6e537aa8cc3d56f7a8918
-
SSDEEP
6144:UQrLFSk5LJ47L+mRsp/jsRQWlrPNv0mnjdNhNQxVHNAhSRlhj0Lp:JJSk5L3mRimQWdPNv9nJrQNAjL
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-