Behavioral task: behavioral1
Sample: 2560-37-0x0000000003A90000-0x0000000003AFD000-memory.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 2560-37-0x0000000003A90000-0x0000000003AFD000-memory.exe
Resource: win10v2004-20231222-en
General
- Target: 2560-37-0x0000000003A90000-0x0000000003AFD000-memory.dmp
- Size: 436KB
- MD5: 799802d42998b6ffb1df3d4271f1700a
- SHA1: 329af1f17a4053e08658fed4884ea1f4d80e05c0
- SHA256: 0082d0523e0d099744bbe712800876b986c285c48002d72ae0fe172fe92e7b35
- SHA512: 822be0ca918b3b62e3fc464a75fe4dcf16cc7982e7396d7c1e548719265750d1aef4e59de21b9266f8129ccb3628f98fb83b8f46e2fbf5779b0c4b4fb9ee021a
- SSDEEP: 12288:3ghmL/a+NgOGyH94xXJYtxAdbw1867s7mHmuxw6olA7gxyJNS:JNgOGyH94x5Ytx6v6QaklAdNS
Malware Config
Extracted: amadey 4.17
- C2: http://185.196.10.34
- install_dir: eff1401c19
- install_file: Dctooux.exe
- strings_key: 6e23b5eadc27bb0b2eaebdd4fed1beb2
- url_paths: /b8sdjsdkS/index.php
Signatures
- Amadey family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2560-37-0x0000000003A90000-0x0000000003AFD000-memory.dmp
Files
- 2560-37-0x0000000003A90000-0x0000000003AFD000-memory.dmp.exe: windows:6 windows x86 arch:x86
  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  Sections
    .text  - Size: 313KB - Virtual size: 312KB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata - Size: 70KB - Virtual size: 69KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data  - Size: 12KB - Virtual size: 17KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc  - Size: 512B - Virtual size: 480B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc - Size: 19KB - Virtual size: 19KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ