General

  • Target

    1d769287a04d72627d72fa242aca71b062d7f3b88b1b6edb373d6c16a1a423d3

  • Size

    485KB

  • Sample

    240620-mm272ssgld

  • MD5

    136d44b18141e6755f46e7734467743e

  • SHA1

    d7a746e2502703f6bb34e3d59e49d540ca22dfac

  • SHA256

    1d769287a04d72627d72fa242aca71b062d7f3b88b1b6edb373d6c16a1a423d3

  • SHA512

    52054234f28d0181557e018faddee09dd66532126f80794e4a21bc0750fc6e6c7ddac550dbde80498a4b7a1b517e8d15bde314916f9ee815e8aed8997452586f

  • SSDEEP

    6144:OEPLxBE0J78HXlA/ejif1TbjP4HE60fqEzAhi07DBaXaSVhaDQtRpO:7FBE0JI3mTtTuuCEz8iEOVha

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (1): T1012

  • System Information Discovery (2): T1082

Tasks