amadey | 3280-3-0x00000000004C0000-0x0000000000978000-memory[.]dmp | Triage

Sharing

General

Target

3280-3-0x00000000004C0000-0x0000000000978000-memory.dmp
Size

4.7MB
MD5

4761b781b83e5f8829b075d66421feba
SHA1

841fe18c8c5f6c6b58cb306f17f949a6dd0854a6
SHA256

e5ff46caaa6fb44d7e46bec649338c061f0b7f277fbedad8ff899a416ce16206
SHA512

9abbad7a39871fd3a27cef5bbbfdc54f4017274aee03c8c07c641b3aaa5f47ec7fc0274cf4e9d0cc14d538ca810c88fb34000104bc92d620e6b5c09f4900c1ab
SSDEEP

98304:KTm3OsraMQo+LLRb6Rt/QG0+YblJ+89sKu6D2BQWJQh:KzFb6RBwd92Xq9h

Score

10^/10

4dd39d amadey

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes

install_dir
ad40971b6b
install_file
explorti.exe
strings_key
a434973ad22def7137dbb5e059b7081e
url_paths
/Hun4Ko/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3280-3-0x00000000004C0000-0x0000000000978000-memory.dmp

Files

3280-3-0x00000000004C0000-0x0000000000978000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lcqczjjk
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xufakdlg
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE