amadey | 3588-451-0x0000000000400000-0x0000000001828000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3588-451-0x0000000000400000-0x0000000001828000-memory.dmp
Size

20.2MB
MD5

9c17299ade38d77b82006ee8d7b8b797
SHA1

ae9fc7b1aeaa8cc352b104050eed150391758260
SHA256

5bdfb0228a8b3dca196a604aa7f99603d8cad320f2ee9ca2e1bdecaaa550f720
SHA512

69c532c0e741d28e758972da11bc6c10d2b6253c9446851cc6cf955eac7e7ce3c4e1cb957f1ae72b1418869f880524a5c4fd60bf27c8d0276eb12b3caf5b7795
SSDEEP

6144:U1voPvw+ZkXyPB3sBTaR5Gn/3s1BidDOos6H86pPDrhCzg+4zBMeauZe4l4TQf8K:PQNyOTaLqKB0T86dnhCsHB/auZeMJIy

Score

10^/10

b2c2c1 amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

b2c2c1

C2

http://greendag.ru

Attributes

install_dir
e221f72865
install_file
Dctooux.exe
strings_key
09a7af7983af08af50ea3f51a73065e9
url_paths
/forum/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3588-451-0x0000000000400000-0x0000000001828000-memory.dmp

Files

3588-451-0x0000000000400000-0x0000000001828000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ