amadey | ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f[.]exe | Triage

Sharing

General

Target

ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe
Size

222KB
MD5

c33142578391a12cdaa3502631ccf6a8
SHA1

d7b44dc27084ad0daf9e3af7bc18432a7e176df7
SHA256

c61b7829b37f19fe78ee49c1aba9e0ea70a65eddfd40b137a7489e63c0f1e184
SHA512

5cb517283da53707696692dd212b49dc79bcc5f579846713090091aee966497273d82fbd6a51d95d8b6769c68f91fe88f9cad48671c2703487d45b885d64dd95
SSDEEP

6144:WzJK+H1xRDriEhJIvD7cMs3LssdLW1uyssJ:WzxfdJIvvvsLTdLW1uys

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

2.85

C2

http://23.106.215.95

Attributes

install_dir
3129558ede
install_file
ntools.exe
strings_key
aa0bd6a5547b1594628920a66d03ad11
url_paths
/G9qpzLe/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe

Files

ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ