amadey | 2288-109-0x0000000000050000-0x00000000004F3000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2288-109-0x0000000000050000-0x00000000004F3000-memory.dmp
Size

4.6MB
MD5

ae4449f3a142d1f8119c401a495c4095
SHA1

e77d2472988b1eb9229024c3816790184df34f34
SHA256

352e6ade1c02f08e3c40f9e91139e59cda20431221f18e15958b6a0dd8ce8679
SHA512

a6d107ac5c0a6b0976c04520702f2e4767cd94f71e917ca467b2db63e8bde917d39de7cfe920b0eb0d81300fd188810653790367d126f14cfa7beb8595a5cfd5
SSDEEP

98304:5MHiSgVomtCydiUPP/PjYakGQkXoqciOp:5BZwUH3EakGZpciOp

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.12

C2

http://185.172.128.19

Attributes

install_dir
cd1f156d67
install_file
Utsysc.exe
strings_key
0dd3e5ee91b367c60c9e575983554b30
url_paths
/ghsdh39s/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2288-109-0x0000000000050000-0x00000000004F3000-memory.dmp

Files

2288-109-0x0000000000050000-0x00000000004F3000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dbelapuy
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ynoztmpr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE