General
-
Target
89dfa65a25449fe1d18cce6c143848b6a72102145924fa386914e9bd5b406ce3
-
Size
485KB
-
Sample
240620-mc6sgswflk
-
MD5
038f9393b44ad6a01ea84173c20b9fd2
-
SHA1
3ff2b5e916add5c74af9fcf53ef883a4980e38c4
-
SHA256
89dfa65a25449fe1d18cce6c143848b6a72102145924fa386914e9bd5b406ce3
-
SHA512
7713d1d49122c52c9c9a32064f5e76dabc3ba8ed9e09398de6268b3b33c8a607d9eed765165d4c2152b755182139a6a986d061a2ad330e5d49b5368d546c428b
-
SSDEEP
6144:FEiL5KEoZRibJPH9x4KR5pm/3rC3NLnHRG3tu4G+wVydNOq:5FKEoZRi9PHwAHyu9hZ9Is
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
89dfa65a25449fe1d18cce6c143848b6a72102145924fa386914e9bd5b406ce3
-
Size
485KB
-
MD5
038f9393b44ad6a01ea84173c20b9fd2
-
SHA1
3ff2b5e916add5c74af9fcf53ef883a4980e38c4
-
SHA256
89dfa65a25449fe1d18cce6c143848b6a72102145924fa386914e9bd5b406ce3
-
SHA512
7713d1d49122c52c9c9a32064f5e76dabc3ba8ed9e09398de6268b3b33c8a607d9eed765165d4c2152b755182139a6a986d061a2ad330e5d49b5368d546c428b
-
SSDEEP
6144:FEiL5KEoZRibJPH9x4KR5pm/3rC3NLnHRG3tu4G+wVydNOq:5FKEoZRi9PHwAHyu9hZ9Is
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-