General
-
Target
c2ea802e0776dce9aa1552ca52a853d7f983c77cd8f97a9e7f6673f5d524e626
-
Size
402KB
-
Sample
240621-fq43gssfrn
-
MD5
4f8e458bc857970f39a9852f49070c38
-
SHA1
619fe4e5d4bcdd62852101c24fca944e9aadd9dc
-
SHA256
c2ea802e0776dce9aa1552ca52a853d7f983c77cd8f97a9e7f6673f5d524e626
-
SHA512
a28de54e866d399c92541b585e83acee966902aaa4cac6a06d2085acf9f2d34bef59d600edd1181aecd39ca122d9e137a9df2a1d046470bb6b2735deb85bd202
-
SSDEEP
6144:SLtfMardBHFYNk0CA9AOQobVy1ZUQtt/g6kjUm88HqUXSb962iGG/:NIdBFb0C0AZUu+38GNuih
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
c2ea802e0776dce9aa1552ca52a853d7f983c77cd8f97a9e7f6673f5d524e626
-
Size
402KB
-
MD5
4f8e458bc857970f39a9852f49070c38
-
SHA1
619fe4e5d4bcdd62852101c24fca944e9aadd9dc
-
SHA256
c2ea802e0776dce9aa1552ca52a853d7f983c77cd8f97a9e7f6673f5d524e626
-
SHA512
a28de54e866d399c92541b585e83acee966902aaa4cac6a06d2085acf9f2d34bef59d600edd1181aecd39ca122d9e137a9df2a1d046470bb6b2735deb85bd202
-
SSDEEP
6144:SLtfMardBHFYNk0CA9AOQobVy1ZUQtt/g6kjUm88HqUXSb962iGG/:NIdBFb0C0AZUu+38GNuih
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-