General
-
Target
1d769287a04d72627d72fa242aca71b062d7f3b88b1b6edb373d6c16a1a423d3
-
Size
485KB
-
Sample
240620-mm272ssgld
-
MD5
136d44b18141e6755f46e7734467743e
-
SHA1
d7a746e2502703f6bb34e3d59e49d540ca22dfac
-
SHA256
1d769287a04d72627d72fa242aca71b062d7f3b88b1b6edb373d6c16a1a423d3
-
SHA512
52054234f28d0181557e018faddee09dd66532126f80794e4a21bc0750fc6e6c7ddac550dbde80498a4b7a1b517e8d15bde314916f9ee815e8aed8997452586f
-
SSDEEP
6144:OEPLxBE0J78HXlA/ejif1TbjP4HE60fqEzAhi07DBaXaSVhaDQtRpO:7FBE0JI3mTtTuuCEz8iEOVha
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
1d769287a04d72627d72fa242aca71b062d7f3b88b1b6edb373d6c16a1a423d3
-
Size
485KB
-
MD5
136d44b18141e6755f46e7734467743e
-
SHA1
d7a746e2502703f6bb34e3d59e49d540ca22dfac
-
SHA256
1d769287a04d72627d72fa242aca71b062d7f3b88b1b6edb373d6c16a1a423d3
-
SHA512
52054234f28d0181557e018faddee09dd66532126f80794e4a21bc0750fc6e6c7ddac550dbde80498a4b7a1b517e8d15bde314916f9ee815e8aed8997452586f
-
SSDEEP
6144:OEPLxBE0J78HXlA/ejif1TbjP4HE60fqEzAhi07DBaXaSVhaDQtRpO:7FBE0JI3mTtTuuCEz8iEOVha
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-