General
-
Target
22ad93db9531b771413a8a972c684f8d3233c1dcec2c7baacf21b9e200cb698c_NeikiAnalytics.exe
-
Size
488KB
-
Sample
240621-al8bfstblg
-
MD5
7db4740ed5467aa03815db926ff075f0
-
SHA1
2a637fa5274c1a62a151fa68071458f35329feb8
-
SHA256
22ad93db9531b771413a8a972c684f8d3233c1dcec2c7baacf21b9e200cb698c
-
SHA512
2635c61b72dd98c15736237cc3eb219a4b4fb9054d6a213b96a74bcfb7d8902595ab8023bd8930ca1ed9bd296fdfdc4bb236b4ec4dd02ac6f07843effa762f9f
-
SSDEEP
6144:FLJR6EW7kKrIV8G0701B/pemVY1LCYxzLNZxjvsQexdxBbTjqYktC2WA:FSEqkKUV8Q/pzYVCgPNzvsQCxb3
Static task
static1
Behavioral task
behavioral1
Sample
22ad93db9531b771413a8a972c684f8d3233c1dcec2c7baacf21b9e200cb698c_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
22ad93db9531b771413a8a972c684f8d3233c1dcec2c7baacf21b9e200cb698c_NeikiAnalytics.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-