amadey | 2152-95-0x0000000000B60000-0x0000000001023000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2152-95-0x0000000000B60000-0x0000000001023000-memory.dmp
Size

4.8MB
MD5

d91f026cc1d51142c4e87572e8b867cc
SHA1

e78c58ed359986751de08d8914545458a01077af
SHA256

141596ec6e81acba4d6734bd90d1f5ac15ad6ae8609229391cea1ca5091b1f01
SHA512

721463171d1268fc5cf328255fc4be8ee35f625aa3ca9ba63aaa7ec63f748a37577bb74dbde837f3d6196094cdaf7bcf04d2a31b55a33e6bdac775b3f555d0cd
SSDEEP

98304:CeNJctbXxABVNv2o/DrCqUtJI/Bzn31Q5NYMNYdbaVo83:C43rRUtJWZ16Y8YdbLK

Score

10^/10

0e6740 amadey

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

0e6740

C2

http://147.45.47.155

Attributes

install_dir
9217037dc9
install_file
explortu.exe
strings_key
8e894a8a4a3d0da8924003a561cfb244
url_paths
/ku4Nor9/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2152-95-0x0000000000B60000-0x0000000001023000-memory.dmp

Files

2152-95-0x0000000000B60000-0x0000000001023000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 182KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nsqcscyw
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ehnjybjn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE