amadey | 3032-15-0x0000000001070000-0x0000000001478000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3032-15-0x0000000001070000-0x0000000001478000-memory.dmp
Size

4.0MB
MD5

6519fb4a275a75764ea881105518c4b2
SHA1

5ebe00f89407b6fb54e9cc6d29e92009336d9166
SHA256

7d07ccfbce1eb62ab9c346e261e275761473946d24e33db34a08e65d311fe8fa
SHA512

ebe67f7046dae87a1fada90cbdfabbc2c54f90a7c905eaa307acad5824048ea7513a724f6a2362c97962ce7ba91450fb30d01210f1360d95edb8536b49054c39
SSDEEP

24576:O6ywegHDdvUzifuBTE6FeYzW/APt0mkKVej0q/FKd9Ds93S+O5pUGpnvwQgsiK3g:OjwHRvUR26T0ljB8qzopPpnvlR3zmqN

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.15

C2

http://185.215.113.68

Attributes

install_dir
d887ceb89d
install_file
explorhe.exe
strings_key
7cadc181267fafff9df8503e730d60e1
url_paths
/theme/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3032-15-0x0000000001070000-0x0000000001478000-memory.dmp

Files

3032-15-0x0000000001070000-0x0000000001478000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 143KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 617KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE