amadey | 2124-36-0x0000000000400000-0x0000000000B41000-memory[.]dmp | Triage

Sharing

General

Target

2124-36-0x0000000000400000-0x0000000000B41000-memory.dmp
Size

6.9MB
MD5

be6b72361d5b22b752a63143cc20ab0b
SHA1

7f71309da39fc442a714c8b74732b59e37628cbe
SHA256

cfa9b12d1ed7ba9a081f12c3f76dbc601e28f8139e0c556540e4b10991af0eda
SHA512

5e49143d1c30c6f2b068aef1d90178b8f71a38bb1aef86187d76a661dabad2b0927622f6e35827ec83060f8be488f088a64cebc84b5219a9cf185fc5a537560c
SSDEEP

196608:uU83PdsbEjuJsv59wiwLge6c/k7dgZVrwRv88s8:s3PdsbEju+PwiwLge6Qk+rs988s8

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.5

Attributes

install_dir
4fdb51ccdc
install_file
Utsysc.exe
strings_key
11bb398ff31ee80d2c37571aecd1d36d
url_paths
/v8sjh3hs8/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2124-36-0x0000000000400000-0x0000000000B41000-memory.dmp

Files

2124-36-0x0000000000400000-0x0000000000B41000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 4.1MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE