amadey | 940-2-0x0000000000180000-0x0000000000644000-memory[.]dmp | Triage

Sharing

General

Target

940-2-0x0000000000180000-0x0000000000644000-memory.dmp
Size

4.8MB
MD5

4c382e7224553813ebee16a666fb9970
SHA1

9466212e5cf9e165db80d97e5e92a825c3738a0e
SHA256

31bd67a7631f731b1f4a9625b3ff1a3e37ff71e5bc3dc9b55725466403e942a4
SHA512

44398f36ae8454b0ad449dadfa8b3b0f3edc6d4135fb8d82d24ddfb1565dc72a637e625d02aee50e35e4a4b5e7641040b0f5b6a32468ccae29e2827bc950333b
SSDEEP

98304:+y+KkxbEklsaWajXVPO3FDf0X9M+xxUmZ7D:+rf7rJUZ0HxxUgD

Score

10^/10

amadey

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes

install_dir
00c07260dc
install_file
explorgu.exe
strings_key
461809bd97c251ba0c0c8450c7055f1d
url_paths
/yandex/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
940-2-0x0000000000180000-0x0000000000644000-memory.dmp

Files

940-2-0x0000000000180000-0x0000000000644000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 181KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsslbawo
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ipxpqlnj
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE