General

  • Target

    44cfcc0bc2779b394673d2cfa445bd1f0e6ea3ce5e773160ad89efc1d438991c

  • Size

    387KB

  • Sample

    240621-m7jlfaxbpa

  • MD5

    6477bb86d00a8340a986a1da5ba6642e

  • SHA1

    04dfe72d1eeda62393292f9d61b568dfb85da928

  • SHA256

    44cfcc0bc2779b394673d2cfa445bd1f0e6ea3ce5e773160ad89efc1d438991c

  • SHA512

    9f2298f0fa588325f533051d2866441b70a0948b693dd0c6cde8c3e555c4cdc20a00ce5d6971175e8b3d91ce7197f250e1940b3dc1a51de6d9543feda5b4bdb9

  • SSDEEP

    6144:VCDEajkWt31f7HhXyZBQDSyU4DdFeTPssWSCcqiHxtPEaerB/:gDNd1fLhXyZBizUcdEzssxhvnex

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (2)

Tasks