Overview

overview

10

Static

static

10

1964-3-0x0...ry.exe

windows7-x64

10

1964-3-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1964-3-0x0000000001350000-0x0000000001800000-memory.dmp

  • Size

    4.7MB

  • MD5

    0e256a289d397139a4c066dc4d9ace28

  • SHA1

    c14546d2edea4c48a77843b6b51e9e06b269ca48

  • SHA256

    8c9d10872e9af17f2beb43ed505483ea9c5d2a185fa14423f946eb28070107b3

  • SHA512

    a362e929f3920952fcb56dcad2bd9c9317386857e3316bcb8e9deb74051daaeee52477f44a51cbc36b7a8008e8a57d20b1418a506d2a72567e77ef21fc64010a

  • SSDEEP

    49152:cy1BskS3WMieUSuo6b6h3IC1pL/27IuTpkIRTwgWswOnleSvTHU4XgnZjNj:L1BskuRdUXb6RIObqLkIbfnleIbkx

Score
10/10
c767c0amadey

Malware Config

Extracted

Family

amadey

Version

4.20

Botnet

c767c0

C2

http://5.42.96.7

Attributes
  • install_dir

    7af68cdb52

  • install_file

    axplons.exe

  • strings_key

    e2ce58e78f631ed97d01fe7b70e85d5e

  • url_paths

    /zamo7h/index.php

rc4.plain

Signatures

  • Amadey family
    amadey
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1964-3-0x0000000001350000-0x0000000001800000-memory.dmp
    .exe windows:6 windows x86 arch:x86


    Headers

    Sections