General

  • Target

    2384-2-0x0000000000DB0000-0x00000000010D0000-memory.dmp

  • Size

    3.1MB

  • MD5

    8cae460cd6935edfcac166c5cebdfa00

  • SHA1

    b20e8f6bd47d5a9e0e95bad1d73d8643d446ebd5

  • SHA256

    55c9c1384e4143ec656c86c2d07a7623def35d265cb4791d36d7dede9e61a5c4

  • SHA512

    9f7310dc4a235c066e9d75d44ca74aa8f84e280c50beaf52f6e206cd4e6b182d9b44adbda0d140f1a00a73c9f82e2028c449e9deac85cebb160b2675a95dcea5

  • SSDEEP

    49152:C48SW8NgL+D964Ly3qTHdQlgEjC2cwpQeflh:bjW8NgL29rLy3qTHdQlgSC2cyQefX

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.18

C2

http://193.233.132.56

Attributes
  • install_dir

    09fd851a4f

  • install_file

    explorha.exe

  • strings_key

    443351145ece4966ded809641c77cfa8

  • url_paths

    /Pneh2sXQk0/index.php

rc4.plain

Signatures

  • Amadey family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2384-2-0x0000000000DB0000-0x00000000010D0000-memory.dmp
    .exe windows:6 windows x86 arch:x86