General
-
Target
ae3abe920c3c0ff9659e2cc22dd5f274291b6ec0f8e5e6b8d941230232b85620
-
Size
401KB
-
Sample
240621-lq9wmavdqb
-
MD5
43e8718946d4c1e0720024885c4e2a74
-
SHA1
87163ddb7dbb9b461f36362424c2f559dbd6ffc8
-
SHA256
ae3abe920c3c0ff9659e2cc22dd5f274291b6ec0f8e5e6b8d941230232b85620
-
SHA512
059dd69f237606bff74e2bc3c344fdd22a75ebbc148815906aad207dbd7e15206d3264333018695fc1e6fc7206f849673ad2644d4faf77adda743b518a12f951
-
SSDEEP
6144:rLmfVVAVIaS2ZyNDRpqwtUyXiIGqN5LvZ1m1xSWFaUnwwDS96VIjv/:sVyIav6b3TJv3vZ1eBImwgw3
Malware Config
Extracted
amadey
4.21
b2c2c1
http://greendag.ru
-
install_dir
e221f72865
-
install_file
Dctooux.exe
-
strings_key
09a7af7983af08af50ea3f51a73065e9
-
url_paths
/forum/index.php
Targets
-
-
Target
ae3abe920c3c0ff9659e2cc22dd5f274291b6ec0f8e5e6b8d941230232b85620
-
Size
401KB
-
MD5
43e8718946d4c1e0720024885c4e2a74
-
SHA1
87163ddb7dbb9b461f36362424c2f559dbd6ffc8
-
SHA256
ae3abe920c3c0ff9659e2cc22dd5f274291b6ec0f8e5e6b8d941230232b85620
-
SHA512
059dd69f237606bff74e2bc3c344fdd22a75ebbc148815906aad207dbd7e15206d3264333018695fc1e6fc7206f849673ad2644d4faf77adda743b518a12f951
-
SSDEEP
6144:rLmfVVAVIaS2ZyNDRpqwtUyXiIGqN5LvZ1m1xSWFaUnwwDS96VIjv/:sVyIav6b3TJv3vZ1eBImwgw3
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-