General

  • Target

    amd.exe

  • Size

    437KB

  • MD5

    625cb97439daa80940791f626bb4765c

  • SHA1

    af462cf5435efceefcd6786f212e192403e80c4b

  • SHA256

    79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

  • SHA512

    145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

  • SSDEEP

    12288:C+mHU45lKN78RhFkvULfYOmBpumeYDDtKf:Ce45lKh87zLwp7Kf

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.12

C2

http://bitcoinstorm.cc

http://blackgold.top

http://emancipation1866.top

Attributes
  • strings_key

    550b275dd5aea0a3932bf7e10871e2c7

  • url_paths

    /g9sdjScV2/index.php

    /vdhe8ejs3/index.php

    /ghndbncg3S/index.php

  • rc4.plain

Signatures

  • Amadey family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • amd.exe
    .exe windows:6 windows x86 arch:x86

    c2cfc1b959f7b1a9228fea54d2cd4da8
