amadey | 2780-6-0x0000000000400000-0x0000000000F13000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2780-6-0x0000000000400000-0x0000000000F13000-memory.dmp
Size

11.1MB
MD5

279c178fb4be5e045d1868b26ceccaa2
SHA1

ffb4fb2bdabe06633d0b5aa3a02c7a61d70dea7b
SHA256

abbb4704d4c1bb0310ada35ea5f290b70be54133f92f1dce8b0f263a2fc71307
SHA512

9d3ef72b79f58b9d5d2d75c0481276979182776451dd78d188e32a538348ba7af2eac239623ce3841a435f14ec32acc7ca1e0cc0dc101328769f7d00e7a26a09
SSDEEP

196608:gCE69F9WJFa3unpOLCND9KWNN2RDWdXcLkzRSEF3KIgXaQgVzKgI:rE6z9SQ3x29R2R6dXnEqQAi

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.5

Attributes

install_dir
4fdb51ccdc
install_file
Utsysc.exe
strings_key
11bb398ff31ee80d2c37571aecd1d36d
url_paths
/v8sjh3hs8/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2780-6-0x0000000000400000-0x0000000000F13000-memory.dmp

Files

2780-6-0x0000000000400000-0x0000000000F13000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 5.4MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE