General
-
Target
ceb04bb81319917418c857085052a73116614f1f8113c6dd778045f1a3d31084
-
Size
486KB
-
Sample
240620-zqe8xa1dnp
-
MD5
fd3a73d0954fc4f31531e1bebcf04848
-
SHA1
9b55c05e80c7e88f47db457de9abee19dab959e1
-
SHA256
ceb04bb81319917418c857085052a73116614f1f8113c6dd778045f1a3d31084
-
SHA512
524fbbef11ac649255a459735e346ca05bc110da810ae6dbad0b621d21bd3e06f15743cc744c658e8630c7fb814f390b2e7194ba852dfbd221991baa4bd89389
-
SSDEEP
6144:mPLXYQLYHY8WbPJHb9ztcZpszn109IW32xL5qsbXo6JIkaIpq//EzEM:kDNLYHY179GZpsTMIW3OIco66ZIpq
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
ceb04bb81319917418c857085052a73116614f1f8113c6dd778045f1a3d31084
-
Size
486KB
-
MD5
fd3a73d0954fc4f31531e1bebcf04848
-
SHA1
9b55c05e80c7e88f47db457de9abee19dab959e1
-
SHA256
ceb04bb81319917418c857085052a73116614f1f8113c6dd778045f1a3d31084
-
SHA512
524fbbef11ac649255a459735e346ca05bc110da810ae6dbad0b621d21bd3e06f15743cc744c658e8630c7fb814f390b2e7194ba852dfbd221991baa4bd89389
-
SSDEEP
6144:mPLXYQLYHY8WbPJHb9ztcZpszn109IW32xL5qsbXo6JIkaIpq//EzEM:kDNLYHY179GZpsTMIW3OIco66ZIpq
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-