amadey | 4948-3-0x00000000007C0000-0x0000000000C74000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4948-3-0x00000000007C0000-0x0000000000C74000-memory.dmp
Size

4.7MB
MD5

539fbc9ea44ec6aa3fdbb9a7b987828a
SHA1

bc787f127b6c29c34a638c67ca76c597ef82fb0a
SHA256

ee0fd93a4e8a12234bf10bc8dc1f56b5516b627531f812d53648c709a6ad5c78
SHA512

fbfa0247a5ca2e2153b1108eee5149980be6bba46a42880b164206d4f23c521b89dbce14117ecbb2eb7da33801056f07c3728908e5fdd5e6862c9e82d8ad78f5
SSDEEP

98304:vYszeyt8ZKcOvyJkypcXqtZDR+fp/jLHudNErncd:viRKgv+B77+Ej

Score

10^/10

0e6740 amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

0e6740

C2

http://147.45.47.155

Attributes

install_dir
9217037dc9
install_file
explortu.exe
strings_key
8e894a8a4a3d0da8924003a561cfb244
url_paths
/ku4Nor9/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4948-3-0x00000000007C0000-0x0000000000C74000-memory.dmp

Files

4948-3-0x00000000007C0000-0x0000000000C74000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hcrsvpgd
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nhranswj
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE