amadey | 816-3-0x0000000000800000-0x0000000000CB6000-memory[.]dmp | Triage

Sharing

General

Target

816-3-0x0000000000800000-0x0000000000CB6000-memory.dmp
Size

4.7MB
MD5

9e4ae39f0838c6a52c472c89b768eb21
SHA1

3d1fcef005a91e29d580a893fe6053e448ceb5a3
SHA256

a0a684599702c8d5a09c891e6ea11349e7a787cc112539c85707c7a6ad1a848c
SHA512

4c3bc026aecc7e9b2b090c520809a08b90f13ba01c8cc57a4be6e39e328ab6769c59a020f3ffbd8ecf339b842ac3bab33e677c4dcc5d4fc5a3e121ee02a4d6be
SSDEEP

98304:T0FCbuSZmpaA/xsrh+djKi01wA8ZYqgcvXtDqW:Th+pKxwXtDL

Score

10^/10

0657d1 amadey

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

0657d1

C2

http://185.215.113.19

Attributes

install_dir
0d8f5eb8a7
install_file
explorti.exe
strings_key
6c55a5f34bb433fbd933a168577b1838
url_paths
/Vi9leo/index.php

rc4.plain

Signatures

Amadey family
amadey

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
816-3-0x0000000000800000-0x0000000000CB6000-memory.dmp

Files

816-3-0x0000000000800000-0x0000000000CB6000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 183KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dritxjot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

prnweerz
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE