General

  • Target

    2024-60-0x0000000000EA0000-0x000000000136F000-memory.dmp

  • Size

    4.8MB

  • MD5

    3e825dfe02594c8bc535e698d7eb4858

  • SHA1

    27287b1758ed2967dde32acae7fc2d3996fe5567

  • SHA256

    a6f9b24ee4a9ce6a59ba1ae04fd8cc1fbe917394ba868b8dd397e49a28da0da4

  • SHA512

    11f79c9e608cb7d65590fe8afc915dc1b135ea11640681965b12637f5e91c6e7aaa85cd2f05b5614c452ef65fb5cd01f1c16475ee9534064657abb740e83deb9

  • SSDEEP

    98304:DJYDQf1+0V4TjjHdm2yzxkEh3sdOJwubz+5Gj8ACeVHgIG1XsU:t0PioOJB+50BprWsU

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.18

C2

http://193.233.132.56

Attributes

  • install_dir

    09fd851a4f

  • install_file

    explorha.exe

  • strings_key

    443351145ece4966ded809641c77cfa8

  • url_paths

    /Pneh2sXQk0/index.php

rc4.plain

Signatures

  • Amadey family
  • Unsigned PE (1 IoCs)

    Checks for missing Authenticode signature.

Files

  • 2024-60-0x0000000000EA0000-0x000000000136F000-memory.dmp
    .exe windows:6 windows x86 arch:x86
