amadey | 632-3-0x0000000000060000-0x0000000000519000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

632-3-0x0000000000060000-0x0000000000519000-memory.dmp
Size

4.7MB
MD5

bd45edc0f7fb702ffd9b283350138cb2
SHA1

7cabd975d8553e94b3ddb207271b4491f3a6f859
SHA256

d4b02b2d2674309a236d451c97ed4285b146fe05de6cfed90e0c8105591c8bb4
SHA512

c121ae9e01a98e41f21e7299a99430d03f75d400654a0c9673d117b6e5976d6ed82e1ca36696abc704758ac1b53c24863d33438dbd279d9641fbcb3df8060c59
SSDEEP

98304:d1txsp81cTC/iLP7+uHIL1hXmyyEUZ45BRmcEn:dQLarhXmyyEUQm

Score

10^/10

0e6740 amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

0e6740

C2

http://147.45.47.155

Attributes

install_dir
9217037dc9
install_file
explortu.exe
strings_key
8e894a8a4a3d0da8924003a561cfb244
url_paths
/ku4Nor9/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
632-3-0x0000000000060000-0x0000000000519000-memory.dmp

Files

632-3-0x0000000000060000-0x0000000000519000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

isrjgbtz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hnjqouhr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE