General

  • Target

    1660-2-0x0000000000D80000-0x0000000001256000-memory.dmp

  • Size

    4.8MB

  • MD5

    a5d31f83588bbfed5ff0378ab223ca63

  • SHA1

    82f90932fe881a3a38a42c73ec3cf70dfad2edf7

  • SHA256

    9234d6d8d8275e6c5c8278edea09681d3e61fb82b95dd8afbd79ca2c11b2cdac

  • SHA512

    36031aee2f529ba1d6be90aecb8afd1e08d2ec9c13cb7e96fd0a87b4f7d2d99a10ec59e2ae86d2ff85ab941dcb6776833e1c451b4be411d48afb7f99697a15a6

  • SSDEEP

    98304:XKrKhHpxV/akYoH3qR1LOJAcNESi5Z+E714xg9+c5Z6+gByy:XJqRwJtNTiL+E7og9+wo1Bh

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes
  • install_dir

    00c07260dc

  • install_file

    explorgu.exe

  • strings_key

    461809bd97c251ba0c0c8450c7055f1d

  • url_paths

    /yandex/index.php

rc4.plain
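The C2 host, url_paths, install_dir and install_file above are the indicators a responder would hunt for. The following is an added example (not part of the sandbox report) that turns them into a matcher over constructed proxy and process-creation log lines. The log formats and the %TEMP% drop location are assumptions; the matcher deliberately pairs the C2 host with the URL path, because /yandex/index.php on its own looks like ordinary traffic, and it matches only the last two components of the image path so the base directory does not matter.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted Amadey config above.
AMADEY_CONFIG = {
    "c2": ["http://185.215.113.32"],
    "url_paths": ["/yandex/index.php"],
    "install_dir": "00c07260dc",
    "install_file": "explorgu.exe",
}

# Constructed sample log lines (not from the sandbox run): a proxy log in the form
# "<timestamp> <client-ip> <method> <url> <status>" and process-creation events in the
# form "<timestamp> <host> ProcessCreate Image=<path>". The %TEMP% install path is an
# assumption; only the last two path components are matched against the config.
SAMPLE_LINES = [
    r"2024-05-02T10:01:10Z WS01 ProcessCreate Image=C:\Users\bob\AppData\Local\Temp\00c07260dc\explorgu.exe",
    r"2024-05-02T10:01:12Z 10.0.0.15 POST http://185.215.113.32/yandex/index.php 200",
    r"2024-05-02T10:01:13Z 10.0.0.15 GET http://185.215.113.32/ 404",
    r"2024-05-02T10:02:00Z 10.0.0.22 GET http://example.com/yandex/index.php 200",
    r"2024-05-02T10:02:05Z WS02 ProcessCreate Image=C:\Windows\explorer.exe",
]


def c2_endpoints(config):
    """Expand C2 base URLs x url_paths into (host, path) pairs. Matching on the pair
    avoids false positives on the generic-looking path alone."""
    endpoints = set()
    for base in config["c2"]:
        host = urlsplit(base).hostname
        for path in config["url_paths"]:
            endpoints.add((host, path))
    return endpoints


def match_proxy(line, endpoints):
    """Return a hit dict if the line is a proxy record to a known C2 endpoint, else None."""
    parts = line.split()
    if len(parts) != 5 or "://" not in parts[3]:
        return None
    ts, client, method, url, status = parts
    u = urlsplit(url)
    if (u.hostname, u.path) not in endpoints:
        return None
    return {"kind": "network", "ts": ts, "src": client, "method": method,
            "host": u.hostname, "path": u.path, "status": status}


def match_process(line, config):
    """Return a hit dict if the process image ends in <install_dir>\\<install_file>, else None."""
    m = re.search(r"Image=(\S+)$", line)
    if not m:
        return None
    components = m.group(1).replace("/", "\\").lower().split("\\")
    if components[-2:] != [config["install_dir"].lower(), config["install_file"].lower()]:
        return None
    ts, host = line.split()[:2]
    return {"kind": "process", "ts": ts, "src": host, "image": m.group(1)}


def scan(lines, config=AMADEY_CONFIG):
    """Run both matchers over every line and collect the hits in log order."""
    endpoints = c2_endpoints(config)
    hits = []
    for line in lines:
        hit = match_process(line, config) or match_proxy(line, endpoints)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(hit)
```

On the constructed lines this yields two hits: the process start of explorgu.exe from the 00c07260dc directory and the POST to the C2; the request for "/" on the same host and the same path on an unrelated host are ignored.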

Signatures

  • Amadey family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
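The "Unsigned PE" rule reports that the image carries no Authenticode signature. As an added example (not the sandbox's own rule implementation), the block below parses the PE headers by hand and reads IMAGE_DIRECTORY_ENTRY_SECURITY, which is what such a check looks at: a zero entry means no embedded signature. Two caveats for this sample: the security directory stores a raw file offset rather than an RVA, so it is only meaningful for an on-disk file, and the target here is a memory dump of an unpacked stage, where a missing signature is expected rather than remarkable. The PE images built inside the block are constructed header-only stubs, and the "signature" is a zero-filled placeholder, not a real PKCS#7 blob; the check reports presence, not validity.

```python
import hashlib
import struct


def authenticode_directory(pe: bytes):
    """Return (offset, size) of IMAGE_DIRECTORY_ENTRY_SECURITY (index 4), or None if the
    bytes do not parse as a PE. Unlike other directories this entry holds a raw file
    offset, so it is only meaningful for an on-disk image; (0, 0) means no signature."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    if opt + 2 > len(pe):
        return None
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:      # PE32: data directories start 96 bytes into the optional header
        dirs = opt + 96
    elif magic == 0x20B:    # PE32+: 112 bytes in
        dirs = opt + 112
    else:
        return None
    entry = dirs + 4 * 8    # IMAGE_DIRECTORY_ENTRY_SECURITY, 8 bytes per entry
    if entry + 8 > opt + size_of_optional or entry + 8 > len(pe):
        return None
    return struct.unpack_from("<II", pe, entry)


def has_authenticode_signature(pe: bytes) -> bool:
    """True only if a security directory is present and non-empty. This reports that a
    signature blob exists; it does not verify the signature or its certificate chain."""
    entry = authenticode_directory(pe)
    return bool(entry and entry[0] and entry[1])


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, the same set listed in the General section above."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def build_minimal_pe32(with_signature: bool) -> bytes:
    """Construct a header-only PE32 image (no sections, no code) for the example. With
    with_signature=True a WIN_CERTIFICATE header plus a zero-filled placeholder blob is
    appended and the security directory points at it; it is not a real signature."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)               # e_lfanew -> PE signature
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, Characteristics=EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if with_signature:
        blob = b"\0" * 16                                 # placeholder, not PKCS#7 SignedData
        # WIN_CERTIFICATE: dwLength, wRevision=0x0200, wCertificateType=0x0002 (PKCS#7)
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
        struct.pack_into("<II", opt, 96 + 4 * 8, headers_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    for signed in (False, True):
        pe = build_minimal_pe32(signed)
        print(has_authenticode_signature(pe), digests(pe)["sha256"])
```

To apply it to a real file, pass the file's bytes to has_authenticode_signature; a True result still needs a signature verification step (for example signtool or osslsigncode) before it says anything about trust.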

Files

  • 1660-2-0x0000000000D80000-0x0000000001256000-memory.dmp
    .exe windows:6 windows x86 arch:x86