General
-
Target
61c225548d2e00077a9160014ab9730774dfbf90463739ec6cfe0a2d86a975b9
-
Size
402KB
-
Sample
240621-je138svgkn
-
MD5
242fe93a469a0f9bcbbd0f42369a5e96
-
SHA1
3f3b97ab323725e2b5abdb665ce4c95b7463b593
-
SHA256
61c225548d2e00077a9160014ab9730774dfbf90463739ec6cfe0a2d86a975b9
-
SHA512
c4b1190bc36cdb13c8c9086b3e32a5282a10fad6a182b6bc5a96fd33ab3375b9168d9b6e0b190d8ad0b0f327f5bc106b48148321700e4b9dfb9ef398ff2f837a
-
SSDEEP
6144:lL9f8HwlePGBStZNIRT2C1T6cCwbr2etWmxsG96j4Hk/:QHw3BIZNIA4PymC4O
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
61c225548d2e00077a9160014ab9730774dfbf90463739ec6cfe0a2d86a975b9
-
Size
402KB
-
MD5
242fe93a469a0f9bcbbd0f42369a5e96
-
SHA1
3f3b97ab323725e2b5abdb665ce4c95b7463b593
-
SHA256
61c225548d2e00077a9160014ab9730774dfbf90463739ec6cfe0a2d86a975b9
-
SHA512
c4b1190bc36cdb13c8c9086b3e32a5282a10fad6a182b6bc5a96fd33ab3375b9168d9b6e0b190d8ad0b0f327f5bc106b48148321700e4b9dfb9ef398ff2f837a
-
SSDEEP
6144:lL9f8HwlePGBStZNIRT2C1T6cCwbr2etWmxsG96j4Hk/:QHw3BIZNIA4PymC4O
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-