General
-
Target
3255c94ddf17796ff2d08afd64a9688ef59f6acddcb084f03f5d32cda48e143c
-
Size
402KB
-
Sample
240621-l5q23azbjm
-
MD5
cc99fa7ea7872b93844372eddd33e738
-
SHA1
610f33acd0df8a96042ce4cbf30447b4aa7d2aa2
-
SHA256
3255c94ddf17796ff2d08afd64a9688ef59f6acddcb084f03f5d32cda48e143c
-
SHA512
d0886c91f0355ccbbc6e33fd6222cfd846d4d1e8947fc2666248fecb3d766a2df2789d40a7eb069eea7e78fb17e499221ce984e5c9a183332b0e6a02c409f543
-
SSDEEP
6144:hLQfvFdPIY6H2jJNYtAI4Eq6zmMpZg7/T7aHax+vBZ0jOfu9rdi968ii/:y7IyAAILDpZgTqj9u9rCiQ
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
3255c94ddf17796ff2d08afd64a9688ef59f6acddcb084f03f5d32cda48e143c
-
Size
402KB
-
MD5
cc99fa7ea7872b93844372eddd33e738
-
SHA1
610f33acd0df8a96042ce4cbf30447b4aa7d2aa2
-
SHA256
3255c94ddf17796ff2d08afd64a9688ef59f6acddcb084f03f5d32cda48e143c
-
SHA512
d0886c91f0355ccbbc6e33fd6222cfd846d4d1e8947fc2666248fecb3d766a2df2789d40a7eb069eea7e78fb17e499221ce984e5c9a183332b0e6a02c409f543
-
SSDEEP
6144:hLQfvFdPIY6H2jJNYtAI4Eq6zmMpZg7/T7aHax+vBZ0jOfu9rdi968ii/:y7IyAAILDpZgTqj9u9rCiQ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-