amadey | 4568-99-0x00000000007A0000-0x0000000000C51000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4568-99-0x00000000007A0000-0x0000000000C51000-memory.dmp
Size

4.7MB
MD5

1b8516b3e9bffd92f8dfc6978409132d
SHA1

e4255c3b054b0595d888fc61d268e47813503e7e
SHA256

89faf0ee47391108f97e58e731cd0f3a6c0202796ca577c9483745b52c8256aa
SHA512

076b3d48dbd0d266633d54a6b3595bd499504c5cda1386c5512401ce84bfc767440f5fc48cd8092065e711635ec3ca391029f372f09810c5fe932e3ea4dc22a6
SSDEEP

98304:6SvXwwI0rW6GtwmT3tfiwEa4ygvpb3AGJG6c8eDaP6b8FBuZCAJ:6NLcp3HGhjmwC

Score

10^/10

4dd39d amadey

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes

install_dir
ad40971b6b
install_file
explorti.exe
strings_key
a434973ad22def7137dbb5e059b7081e
url_paths
/Hun4Ko/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4568-99-0x00000000007A0000-0x0000000000C51000-memory.dmp

Files

4568-99-0x00000000007A0000-0x0000000000C51000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dyjriamx
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

skmeftdr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE