Overview

overview

10

Static

static

10

5092-3-0x0...ry.exe

windows7-x64

1

5092-3-0x0...ry.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5092-3-0x0000000000400000-0x0000000000470000-memory.dmp

  • Size

    448KB

  • Sample

    240618-3lxtyatcpj

  • MD5

    1202cfcc41e9fcc571afa198749ebb30

  • SHA1

    21ffc5046ffd786658675c44d2b64ea8d14a341c

  • SHA256

    ae82f7d6988fda4ade763c89951ab51def983e8c81428eeaa3743fceef20e16b

  • SHA512

    25aac53850ffe87cae2a933edea917dcfaa3c738173f8e6849a60b447be2523798e0817be477cbe825c6fe14c438473190f419398c995ebd4a86d6acf8a9c7d0

  • SSDEEP

    6144:F1/z3vI+00XyPB3sBTaR5Gn/3s1BidDOos6H86pPDrhCzg+4rBMeauZe4/IYTEY3:jgiyOTaLqKB0T86dnhCsfB/auZeI

Score
10/10
amadey9a3efc

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Target

      5092-3-0x0000000000400000-0x0000000000470000-memory.dmp

    • Size

      448KB

    • MD5

      1202cfcc41e9fcc571afa198749ebb30

    • SHA1

      21ffc5046ffd786658675c44d2b64ea8d14a341c

    • SHA256

      ae82f7d6988fda4ade763c89951ab51def983e8c81428eeaa3743fceef20e16b

    • SHA512

      25aac53850ffe87cae2a933edea917dcfaa3c738173f8e6849a60b447be2523798e0817be477cbe825c6fe14c438473190f419398c995ebd4a86d6acf8a9c7d0

    • SSDEEP

      6144:F1/z3vI+00XyPB3sBTaR5Gn/3s1BidDOos6H86pPDrhCzg+4rBMeauZe4/IYTEY3:jgiyOTaLqKB0T86dnhCsfB/auZeI

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks