amadey | f18d6e2722ef702e5d2ad1c56b1b2c0db4660257b7df76c203bf0edc7b54c7ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2616-24-0x0000000000400000-0x0000000002C0A000-memory.dmp
Size

40.0MB
Sample

240212-qvtgnage63
MD5

7ffc4ede8c25a085c8979cb84a3303cc
SHA1

578672820c680e12986231dd60e206aed2851492
SHA256

f18d6e2722ef702e5d2ad1c56b1b2c0db4660257b7df76c203bf0edc7b54c7ea
SHA512

b95117774e1bb222d936c2dccabd778c050649ebc0b234e7cdc97b2ec9ff606f991063fa5e45d5219b8c1887b8f74eb40bfaaab26f91ff2e0b0ddf70c234cf5d
SSDEEP

12288:yfmHH7GF8M7ExxliV0LGYZmzpumepRpY35f:y47GF88EbnLtMcRpYx

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.14

C2

http://anfesq.com

http://cbinr.com

http://rimakc.ru

Attributes

install_dir
68fd3d7ade
install_file
Utsysc.exe
strings_key
27ec7fd6f50f63b8af0c1d3deefcc8fe
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  2616-24-0x0000000000400000-0x0000000002C0A000-memory.dmp
- Size
  
  40.0MB
- MD5
  
  7ffc4ede8c25a085c8979cb84a3303cc
- SHA1
  
  578672820c680e12986231dd60e206aed2851492
- SHA256
  
  f18d6e2722ef702e5d2ad1c56b1b2c0db4660257b7df76c203bf0edc7b54c7ea
- SHA512
  
  b95117774e1bb222d936c2dccabd778c050649ebc0b234e7cdc97b2ec9ff606f991063fa5e45d5219b8c1887b8f74eb40bfaaab26f91ff2e0b0ddf70c234cf5d
- SSDEEP
  
  12288:yfmHH7GF8M7ExxliV0LGYZmzpumepRpY35f:y47GF88EbnLtMcRpYx
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2