General

  • Target

    ce663835cbfe0fd0ea02d2aabcb38c892fcb5ce733b992b66821c219c1946ced

  • Size

    487KB

  • Sample

    240620-t1hh5a1ekq

  • MD5

    f6b28c59bc46d345958b2e2d23d7a9b4

  • SHA1

    c2b2fc69398575534a37c005d10c0753c3d9a26c

  • SHA256

    ce663835cbfe0fd0ea02d2aabcb38c892fcb5ce733b992b66821c219c1946ced

  • SHA512

    a6802fa196edeee7c2d5186fd49c523b3eb3017a31070adcac3e6eb63bebed234a713ecdb4788b23f05844307c1a2055af77c2705d73127c68960854799bdae8

  • SSDEEP

    6144:B3L1LPyHXORrGtsqO8gpQxakev8d9abDZXV47tRy/K:JpjyHeisH8cKxe0uZF47

Score
10/10

Malware Config

Extracted

  • Family

    amadey

  • Version

    4.21

  • Botnet

    b2c2c1

  • C2

    http://greendag.ru

Attributes
  • install_dir

    e221f72865

  • install_file

    Dctooux.exe

  • strings_key

    09a7af7983af08af50ea3f51a73065e9

  • url_paths

    /forum/index.php

rc4.plain

Targets

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2
