amadey | 2360-3-0x0000000000400000-0x0000000000470000-memory[.]dmp | Triage

Sharing

General

Target

2360-3-0x0000000000400000-0x0000000000470000-memory.dmp
Size

448KB
MD5

70b6211899362f9e91bc4cab5582506f
SHA1

84a99773ac86c22c4ff9d6195055630a7adf3eb4
SHA256

7623e26c49d6512fe1227ee3ff64c570cf98219bd9a1d5d0d502a77cdad8098f
SHA512

51099669704a0c4f818d39931729f9e5418e7e75403762483160cbfccec273eaeb35b5988d20ebedb6da2a8907be25de27af982629e902f6037718c2a9910ce9
SSDEEP

6144:T1hP9dWA4d2TXUPD94AfiUoMtda7Q0DeaO50fkrX6CKdCIBfi9BvLauZeQt4TFCb:T9oSUvfiR7CokrK1dC2UBjauZeQCa

Score

10^/10

667bac amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

667bac

C2

http://94.156.68.141

Attributes

install_dir
716b9e4c6b
install_file
Dctooux.exe
strings_key
8e31b2add27c52b4aedc47b90f997046
url_paths
/h9fmdW5/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2360-3-0x0000000000400000-0x0000000000470000-memory.dmp

Files

2360-3-0x0000000000400000-0x0000000000470000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ