General

  • Target

    2196-2-0x0000000000A60000-0x0000000000F32000-memory.dmp

  • Size

    4.8MB

  • MD5

    d050e17f8f4a0b68d9747a714c8d02c2

  • SHA1

    fba4b065d23156df3f21304e8203f01cb733acbc

  • SHA256

    90a326e8ddaff251e8e4d0e9b5505334b5e00d631f70577367f0fb5fe02ba08d

  • SHA512

    d38f471dda8059ebcf5ca0b1eed25a85abfbcc6b0e2505cf94269e01eca38d0960b16dbca103765246b830f8d5fb214ad46ba6022a4d2f71d24df64679e916fd

  • SSDEEP

    98304:ab589RG4jOMrcxfm6xxbEWRlgjAk8i+guOacZ70PIg02eUAlCRz:ajFxBYAcVacBkI72e34

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.17

Botnet

b68ccf

C2

http://185.215.113.32

Attributes
  • install_dir

    00c07260dc

  • install_file

    explorgu.exe

  • strings_key

    461809bd97c251ba0c0c8450c7055f1d

  • url_paths

    /yandex/index.php

rc4.plain

Signatures

  • Amadey family
  • Unsigned PE (1 IoCs)

    Checks for missing Authenticode signature.

Files

  • 2196-2-0x0000000000A60000-0x0000000000F32000-memory.dmp
    .exe windows:6 windows x86 arch:x86