General
-
Target
ce663835cbfe0fd0ea02d2aabcb38c892fcb5ce733b992b66821c219c1946ced
-
Size
487KB
-
Sample
240620-t1hh5a1ekq
-
MD5
f6b28c59bc46d345958b2e2d23d7a9b4
-
SHA1
c2b2fc69398575534a37c005d10c0753c3d9a26c
-
SHA256
ce663835cbfe0fd0ea02d2aabcb38c892fcb5ce733b992b66821c219c1946ced
-
SHA512
a6802fa196edeee7c2d5186fd49c523b3eb3017a31070adcac3e6eb63bebed234a713ecdb4788b23f05844307c1a2055af77c2705d73127c68960854799bdae8
-
SSDEEP
6144:B3L1LPyHXORrGtsqO8gpQxakev8d9abDZXV47tRy/K:JpjyHeisH8cKxe0uZF47
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
ce663835cbfe0fd0ea02d2aabcb38c892fcb5ce733b992b66821c219c1946ced
-
Size
487KB
-
MD5
f6b28c59bc46d345958b2e2d23d7a9b4
-
SHA1
c2b2fc69398575534a37c005d10c0753c3d9a26c
-
SHA256
ce663835cbfe0fd0ea02d2aabcb38c892fcb5ce733b992b66821c219c1946ced
-
SHA512
a6802fa196edeee7c2d5186fd49c523b3eb3017a31070adcac3e6eb63bebed234a713ecdb4788b23f05844307c1a2055af77c2705d73127c68960854799bdae8
-
SSDEEP
6144:B3L1LPyHXORrGtsqO8gpQxakev8d9abDZXV47tRy/K:JpjyHeisH8cKxe0uZF47
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-