amadey | 4316-3-0x0000000000430000-0x00000000008F2000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4316-3-0x0000000000430000-0x00000000008F2000-memory.dmp
Size

4.8MB
MD5

ae9a20deff83fae80d647256852f5505
SHA1

fa0b969f2fec1d5f1739c8b08f561601a1607d84
SHA256

375af2634d223b31f554ebc8a52132c74da6e0b6147edd95c2bfa36d1a614b75
SHA512

c67e73632c867562860f7308b6bd6670934d19776ed7447444c5de602ff1f3f8e5da1f323acb8fb950d2ca591ef92dc6684d38a75fd80ae6d535dbeee0246f9d
SSDEEP

98304:KbVz19T7GWI9DctcKQMJ4p7l1c7h/BInLnYYHe+F:Knh4f1q6LnYYHH

Score

10^/10

0e6740 amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

0e6740

C2

http://147.45.47.155

Attributes

install_dir
9217037dc9
install_file
explortu.exe
strings_key
8e894a8a4a3d0da8924003a561cfb244
url_paths
/ku4Nor9/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4316-3-0x0000000000430000-0x00000000008F2000-memory.dmp

Files

4316-3-0x0000000000430000-0x00000000008F2000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxiphuuq
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gynwsquc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE