General
-
Target
44cfcc0bc2779b394673d2cfa445bd1f0e6ea3ce5e773160ad89efc1d438991c
-
Size
387KB
-
Sample
240621-m7jlfaxbpa
-
MD5
6477bb86d00a8340a986a1da5ba6642e
-
SHA1
04dfe72d1eeda62393292f9d61b568dfb85da928
-
SHA256
44cfcc0bc2779b394673d2cfa445bd1f0e6ea3ce5e773160ad89efc1d438991c
-
SHA512
9f2298f0fa588325f533051d2866441b70a0948b693dd0c6cde8c3e555c4cdc20a00ce5d6971175e8b3d91ce7197f250e1940b3dc1a51de6d9543feda5b4bdb9
-
SSDEEP
6144:VCDEajkWt31f7HhXyZBQDSyU4DdFeTPssWSCcqiHxtPEaerB/:gDNd1fLhXyZBizUcdEzssxhvnex
Malware Config
Extracted
amadey
4.21
9a3efc
http://check-ftp.ru
-
install_dir
b9695770f1
-
install_file
Dctooux.exe
-
strings_key
1d3a0f2941c4060dba7f23a378474944
-
url_paths
/forum/index.php
Targets
-
-
Target
44cfcc0bc2779b394673d2cfa445bd1f0e6ea3ce5e773160ad89efc1d438991c
-
Size
387KB
-
MD5
6477bb86d00a8340a986a1da5ba6642e
-
SHA1
04dfe72d1eeda62393292f9d61b568dfb85da928
-
SHA256
44cfcc0bc2779b394673d2cfa445bd1f0e6ea3ce5e773160ad89efc1d438991c
-
SHA512
9f2298f0fa588325f533051d2866441b70a0948b693dd0c6cde8c3e555c4cdc20a00ce5d6971175e8b3d91ce7197f250e1940b3dc1a51de6d9543feda5b4bdb9
-
SSDEEP
6144:VCDEajkWt31f7HhXyZBQDSyU4DdFeTPssWSCcqiHxtPEaerB/:gDNd1fLhXyZBizUcdEzssxhvnex
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-