General
-
Target
1f001e90d359d48fbb66141e4053d6c21b836a89fa0cb00dda2cfa855218e37b
-
Size
401KB
-
Sample
240621-jpxhss1hqg
-
MD5
86dcb1534d76165e092f073ca06144ae
-
SHA1
fb5562980a5076fc79287c857eb6949670ed3da2
-
SHA256
1f001e90d359d48fbb66141e4053d6c21b836a89fa0cb00dda2cfa855218e37b
-
SHA512
ad6cbf079405ce214cd9c1112451639a1ed01b911b73ab22da2b54e29ec33de3c2d6dd6d512215aabc4e0ff2ca23733dcfe4d715a54254c5aeaf07950422a558
-
SSDEEP
6144:rLbfy7n7G/dbkrtgo8JxbKzR+QdHtlX3bSOH4E+wau3+KJ96Of//:277KwgozdHtlXrSOt+wzfH
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
1f001e90d359d48fbb66141e4053d6c21b836a89fa0cb00dda2cfa855218e37b
-
Size
401KB
-
MD5
86dcb1534d76165e092f073ca06144ae
-
SHA1
fb5562980a5076fc79287c857eb6949670ed3da2
-
SHA256
1f001e90d359d48fbb66141e4053d6c21b836a89fa0cb00dda2cfa855218e37b
-
SHA512
ad6cbf079405ce214cd9c1112451639a1ed01b911b73ab22da2b54e29ec33de3c2d6dd6d512215aabc4e0ff2ca23733dcfe4d715a54254c5aeaf07950422a558
-
SSDEEP
6144:rLbfy7n7G/dbkrtgo8JxbKzR+QdHtlX3bSOH4E+wau3+KJ96Of//:277KwgozdHtlXrSOt+wzfH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-