amadey | 2128-3-0x0000000000B10000-0x0000000000FBF000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2128-3-0x0000000000B10000-0x0000000000FBF000-memory.dmp
Size

4.7MB
MD5

a13a324e1b3637e3a58cafb945551548
SHA1

12acbfd313d62e38615fefa6dc1dc1d235c3d139
SHA256

3d29d6c85e89b5ca408af2105dd265c4efde488a3b8abda8a1088dfb412f3cb3
SHA512

c541589e67dab1ec5bfae635796072f3cf9cd4890d3498f519dc260cf3f9b410c083462e6a681eca1c0224a091e07561f747a07128a995dc02ea0b77260ea7a5
SSDEEP

98304:UeUxXTji0t9mW/qIjMwGw/p1G5FMNUmtgqlOuJQH:UIyq1wGwR1UMNUmt8

Score

10^/10

e76b71 amadey

Malware Config

Extracted

Family

amadey

Version

8254624243

Botnet

e76b71

C2

http://77.91.77.81

Attributes

install_dir
8254624243
install_file
axplong.exe
strings_key
90049e51fabf09df0d6748e0b271922e
url_paths
/Kiru9gu/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2128-3-0x0000000000B10000-0x0000000000FBF000-memory.dmp

Files

2128-3-0x0000000000B10000-0x0000000000FBF000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ngguupot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ycgacxvi
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE