amadey | 4760-3-0x0000000000790000-0x0000000000C45000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4760-3-0x0000000000790000-0x0000000000C45000-memory.dmp
Size

4.7MB
MD5

cebcaba5cf5b48580a9c75f83832b943
SHA1

00015beb4808aca4061bededfd0acd238e999cda
SHA256

15132226435d70b1fbd6a398e64b53b62ed78821670e186d8568b994cb24ffcc
SHA512

dcf2d323bf5ddc6dc1cfebe1d8f0e291f0c9b333c53d0c8b1944fc267eaf5e70071365cff4a165356a15525cddc96ff617e86bbb8323a209711637f59242670a
SSDEEP

98304:IF6sPQpSNug+FxcZr0weTluPQOCPKDjVnfW:IuVjT9NSXVnu

Score

10^/10

0e6740 amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

0e6740

C2

http://147.45.47.155

Attributes

install_dir
9217037dc9
install_file
explortu.exe
strings_key
8e894a8a4a3d0da8924003a561cfb244
url_paths
/ku4Nor9/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4760-3-0x0000000000790000-0x0000000000C45000-memory.dmp

Files

4760-3-0x0000000000790000-0x0000000000C45000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nfstfheh
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lidebhkx
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE