General
-
Target
6b7aba37911e4aa166bc9f4eaf76a4b85f2ec4269ed9c35d042ce19208805c61
-
Size
482KB
-
Sample
240621-abeamashqa
-
MD5
c6e620e8426599cb1570466033c4c587
-
SHA1
1d0764e6e83844ff520cc44c513ba179827729e9
-
SHA256
6b7aba37911e4aa166bc9f4eaf76a4b85f2ec4269ed9c35d042ce19208805c61
-
SHA512
aa7664b4f4e5134db9fa5229e2256d162e1502c73d0eccd13f641fce1163499b6c2574b46b5ebfe225e940a8657fc3b4489ccb11e9e5ef2a841f3494502037d6
-
SSDEEP
6144:sJLyWeB3XjX2F3heNmM3K/YFnRg/T89p6Vxf03OrOCSVhl1mTBTZPg2X:AeNB3XjX1f3KA5A8983ZSrlIlW
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
6b7aba37911e4aa166bc9f4eaf76a4b85f2ec4269ed9c35d042ce19208805c61
-
Size
482KB
-
MD5
c6e620e8426599cb1570466033c4c587
-
SHA1
1d0764e6e83844ff520cc44c513ba179827729e9
-
SHA256
6b7aba37911e4aa166bc9f4eaf76a4b85f2ec4269ed9c35d042ce19208805c61
-
SHA512
aa7664b4f4e5134db9fa5229e2256d162e1502c73d0eccd13f641fce1163499b6c2574b46b5ebfe225e940a8657fc3b4489ccb11e9e5ef2a841f3494502037d6
-
SSDEEP
6144:sJLyWeB3XjX2F3heNmM3K/YFnRg/T89p6Vxf03OrOCSVhl1mTBTZPg2X:AeNB3XjX1f3KA5A8983ZSrlIlW
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-